Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0130

8 documents8 sources
Severity
5.0MEDIUM
EPSS
13.5%
top 5.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Ximian Evolution
Timeline
PublishedMar 24
Latest updateApr 29

Description

The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDximian/evolution10 versions+9
Debianevolution< 1.2.3+3

Patches

Patch: www.coresecurity.comPatch: www.securityfocus.comPatch: www.coresecurity.com

🔴Vulnerability Details

3
GHSA
GHSA-8rrq-x6h3-fm8w: The handle_image function in mail-format2022-04-29
OSV
CVE-2003-0130: The handle_image function in mail-format2003-03-24
CVEList
CVE-2003-0130: The handle_image function in mail-format2003-03-21

💥Exploits & PoCs

1
Exploit-DB
Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion2003-03-19

📋Vendor Advisories

2
Red Hat
security flaw2003-03-19
Debian
CVE-2003-0130: evolution - The handle_image function in mail-format.c for Ximian Evolution Mail User Agent ...2003

💬Community

1
Bugzilla
CVE-2003-0130 security flaw2018-08-16
CVE-2003-0130 (MEDIUM CVSS 5) | The handle_image function in mail-f | cvebase.io