4.3

CVE-2011-4541

Exploit

Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HastymailHastymail2 Updatebeta1
HastymailHastymail2 Updatebeta2
HastymailHastymail2 Updatebeta3
HastymailHastymail2 Updaterc1
HastymailHastymail2 Updaterc2
HastymailHastymail2 Updaterc3
HastymailHastymail2 Updaterc4
HastymailHastymail2 Updaterc5
HastymailHastymail2 Updaterc6
HastymailHastymail2 Updaterc7
HastymailHastymail2 Updaterc8
HastymailHastymail2 Updaterc9
HastymailHastymail2 Updaterc1 Version <= 2.1.1
HastymailHastymail2 Version1.0
HastymailHastymail2 Version1.01
HastymailHastymail2 Version1.1 Updaterc1
HastymailHastymail2 Version1.1 Updaterc2
HastymailHastymail2 Version2.0
HastymailHastymail2 Version2.0 Updatea1
HastymailHastymail2 Version2.0 Updatea2
HastymailHastymail2 Version2.0 Updateb1
HastymailHastymail2 Version2.0 Updateb2
HastymailHastymail2 Version2.0 Updateb3
HastymailHastymail2 Version2.0 Updaterc1
HastymailHastymail2 Version2.0.1
HastymailHastymail2 Version2.0.2
HastymailHastymail2 Version2.0.3
HastymailHastymail2 Version2.0.4
HastymailHastymail2 Version2.0.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.49% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.