Reflected XSS Vulnerability in Apache Pony Mail Interface
CVE-2019-0218

6.1MEDIUM

Key Information:

Vendor

The Apache

Status
Apache Pony Mail (incubating)
Vendor
CVE Published:
22 April 2019

What is CVE-2019-0218?

A reflected Cross-Site Scripting (XSS) vulnerability was identified in the Apache Pony Mail interface. This flaw arises from the processing of specially crafted URLs, which can execute JavaScript code when accessed, potentially compromising user security by exposing sensitive data or allowing unauthorized actions. It is crucial for developers and administrators to address this vulnerability to enhance the overall security of their applications.

Affected Version(s)

Apache Pony Mail (incubating) 0.8 to 0.10

References

https://lists.apache.org/thread.html/18a7ff26bc31a77e32e5...
mailing-listx_refsource_MLIST
https://www.openwall.com/lists/oss-security/2019/04/20/1
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/108046
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.