CVE-2002-1495
Published 2003-04-02
Priority P4 17 | medium | 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.04% (78.7th percentile)
Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rudi_benkovic | jawmail | — | — |
| rudi_benkovic | jawmail | — | — |
| rudi_benkovic | jawmail | — | — |
CWE-83: Improper Neutralization of Script in Attributes in a Web Page
The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Read Application Data, Execute Unauthorized Code or Commands.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentiall
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity, Availability. Impact: Read Application Data, Execute Unauthorized Code or Commands. An attacker could insert special characters that are processed client-side in the context of the user's session.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST),
http://archives.neohapsis.com/archives/bugtraq/2002-09/0270.html
http://www.iss.net/security_center/static/10152.php
http://www.securityfocus.com/bid/5771