Rudi Benkovic JAWMail 1.0 - Script Injection
| EKU-ID: 27317 | CVE: CVE-2002-1495;OSVDB-10331 | OSVDB-ID: |
| Author: Ulf Harnhammar | Published: 2002-09-23 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27317 | CVE: CVE-2002-1495;OSVDB-10331 | OSVDB-ID: |
| Author: Ulf Harnhammar | Published: 2002-09-23 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/5771/info Problems with JAWMail could make it possible to execute arbitrary script code in a vulnerable client. JAWMail does not sufficiently filter malicious HTML code from e-mails. As a result, when a user opens an email in JAWMail that contains malicious HTML code, the code contained in the mail would be executed in the browser of the mail user. <b onMouseOver="alert(document.cookie)">bolder</b>