CVE-2012-3536 - Vulnerability Details - OpenCVE

Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01349.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Hupa

Configuration 1 [-]

cpe:2.3:a:apache:hupa:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-2975	Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.
Github GHSA	GHSA-7crp-p2vc-69r7	Apache James Hupa Webmail application Cross-site Scripting Vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://svn.apache.org/viewvc?view=revision&revision=1373762
https://james.apache.org/hupa/index.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-02-27T19:00:00Z

Updated: 2024-09-16T18:09:20.814Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3536

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-02-27T19:29:00.280

Modified: 2024-11-21T01:41:05.210

Link: CVE-2012-3536

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Apache Hupa", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "Hupa versions prior to 0.0.3"}]}], "datePublic": "2018-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3."}], "problemTypes": [{"descriptions": [{"description": "XSS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-27T18:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://james.apache.org/hupa/index.html"}, {"tags": ["x_refsource_MISC"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1373762"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-02-26T00:00:00", "ID": "CVE-2012-3536", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Hupa", "version": {"version_data": [{"version_value": "Hupa versions prior to 0.0.3"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XSS"}]}]}, "references": {"reference_data": [{"name": "https://james.apache.org/hupa/index.html", "refsource": "MISC", "url": "https://james.apache.org/hupa/index.html"}, {"name": "http://svn.apache.org/viewvc?view=revision&revision=1373762", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?view=revision&revision=1373762"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:13:49.906Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://james.apache.org/hupa/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1373762"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2012-3536", "datePublished": "2018-02-27T19:00:00Z", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-09-16T18:09:20.814Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hupa:*:*:*:*:*:*:*:*", "matchCriteriaId": "457E0F4F-5999-4A85-8016-52BD2B9B8A1E", "versionEndExcluding": "0.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3."}, {"lang": "es", "value": "Se han solucionado dos vulnerabilidades de Cross-Site Scripting (XSS) en la lista y vista de mensaje en la aplicaci\u00f3n Hupa Webmail del proyecto Apache James. Un atacante podr\u00eda enviar un email cuidadosamente manipulado a un usuario de Hupa, que desencadenar\u00eda un Cross-Site Scripting (XSS) cuando el email se abriese o cuando se visualizase una lista de mensajes. Este problema se ha abordado en Hupa 0.0.3."}], "id": "CVE-2012-3536", "lastModified": "2024-11-21T01:41:05.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-27T19:29:00.280", "references": [{"source": "security@apache.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1373762"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://james.apache.org/hupa/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1373762"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://james.apache.org/hupa/index.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}