CVE-2019-0218 — Cross-site Scripting in Apache Pony Mail

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

1.7%

top 17.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Pony Mail THE Apache Software Foundation Apache Pony Mail

Timeline

PublishedApr 22

Latest updateMay 24

Description

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDapache/pony_mail0.8 — 0.10

▶CVEListV5the_apache_software_foundation/apache_pony_mail0.8 to 0.10

🔴Vulnerability Details

GHSA

GHSA-mmx7-fwfq-4hpr: A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface↗2022-05-24

▶

CVEList

CVE-2019-0218: A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface↗2019-04-22

▶

💬Community

Bugzilla

CVE-2018-18501 Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5↗2019-01-29

▶

Bugzilla

CVE-2018-18500 Mozilla: Use-after-free parsing HTML5 stream↗2019-01-29

▶