Apache Pony Mail vulnerabilities
3 known vulnerabilities affecting apache/pony_mail.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2019-0218 [MEDIUM] CWE-79 | CVSS 6.1 | ≥ 0.8, ≤ 0.10 | 2019-04-22
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
nvd
CVE-2017-5658 [MEDIUM] CWE-200 | CVSS 5.3 | ≥ 0.7, ≤ 0.9 | 2018-10-04
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching featur
nvd
CVE-2016-4460 [CRITICAL] CWE-287 | CVSS 9.8 | v0.6c, v0.7b, +1 more | 2017-08-22
Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.
nvd