CVE-2003-0130
published 2003-03-24CVE-2003-0130: The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote…
medium5CVSS 3.1
AVNACLAuNCNIPAN
EXPLOIT
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evolution | < evolution 1.2.3 (bookworm) | evolution 1.2.3 (bookworm) |
| gnome | evolution | >= 0 < 1.2.3 | 1.2.3 |
| gnome | evolution | >= 0 < 1.2.3 | 1.2.3 |
| gnome | evolution | >= 0 < 1.2.3 | 1.2.3 |
| gnome | evolution | >= 0 < 1.2.3 | 1.2.3 |
| ximian | evolution | — | — |
| ximian | evolution | — | — |
| ximian | evolution | — | — |
| ximian | evolution | — | — |
| ximian | evolution | — | — |
| ximian | evolution | — | — |
| ximian | evolution | — | — |
| ximian | evolution | — | — |
| ximian | evolution | — | — |
| ximian | evolution | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM