Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-2975 Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.
Github GHSA Github GHSA GHSA-7crp-p2vc-69r7 Apache James Hupa Webmail application Cross-site Scripting Vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-09-16T18:09:20.814Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3536

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-02-27T19:29:00.280

Modified: 2024-11-21T01:41:05.210

Link: CVE-2012-3536

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.