vendor:
JAWMail
by:
SecurityFocus
8.8
CVSS
HIGH
HTML Injection
79
CWE
Product Name: JAWMail
Affected Version From: 2000.7.2
Affected Version To: 2000.7.2
Patch Exists: YES
Related CVE: CVE-2002-1390
CPE: o:jaw:jawmail
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002
Problems with JAWMail
JAWMail is vulnerable to HTML injection (stored cross-site scripting, CWE-79) because it does not adequately filter HTML from the body of incoming messages before rendering them in the webmail interface. When a user opens such a message in JAWMail, the attacker's HTML and any script it carries are rendered and executed in the user's browser, in the context of the user's JAWMail web session. The example given in the original report (not reproduced on this page) causes an alert box to appear when the user moves the mouse over the word 'bolder': an event-handler attribute on an inline formatting tag that the filter lets through. A real attack would use the same vector to run script that acts on the victim's webmail session rather than to display an alert.
Mitigation:
Advising users to open mail only from trusted senders is at best a stopgap: the sender address of an email is trivially spoofed, and the injected code runs as soon as the message is opened in the webmail interface, with no further user interaction beyond the hover the example relies on. The effective fix is server-side. Administrators should upgrade to the latest version of JAWMail, which contains a fix for this vulnerability and filters message HTML before it is rendered, rather than relying on user vigilance.