CVE-2010-4646 - OpenCVE

Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Hastymail	Hastymail2

Configuration 1 [-]

OR	cpe:2.3:a:hastymail:hastymail2::beta1::::::*
	cpe:2.3:a:hastymail:hastymail2::beta2::::::*
	cpe:2.3:a:hastymail:hastymail2::beta3::::::*
	cpe:2.3:a:hastymail:hastymail2::rc1::::::*
	cpe:2.3:a:hastymail:hastymail2::rc2::::::*
	cpe:2.3:a:hastymail:hastymail2::rc3::::::*
	cpe:2.3:a:hastymail:hastymail2::rc4::::::*
	cpe:2.3:a:hastymail:hastymail2::rc5::::::*
	cpe:2.3:a:hastymail:hastymail2::rc6::::::*
	cpe:2.3:a:hastymail:hastymail2::rc7::::::*
	cpe:2.3:a:hastymail:hastymail2::rc8::::::*
	cpe:2.3:a:hastymail:hastymail2::rc9::::::*
	cpe:2.3:a:hastymail:hastymail2::::::::

References

Link	Resource
http://openwall.com/lists/oss-security/2011/01/05/3	Patch
http://openwall.com/lists/oss-security/2011/01/06/14	Patch
http://www.hastymail.org/security/	Patch Vendor Advisory
http://www.securityfocus.com/bid/43681
https://exchange.xforce.ibmcloud.com/vulnerabilities/64962

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-01-18T17:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2011-01-03T00:00:00

Link: CVE-2010-4646

JSON object: View

NVD Information

Status : Modified

Published: 2011-01-18T18:03:08.017

Modified: 2017-08-17T01:33:17.243

Link: CVE-2010-4646

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.hastymail.org/security/"}, {"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/06/14"}, {"name": "hastymail2-table-xss(64962)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"}, {"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/05/3"}, {"name": "43681", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43681"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4646", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.hastymail.org/security/", "refsource": "CONFIRM", "url": "http://www.hastymail.org/security/"}, {"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/01/06/14"}, {"name": "hastymail2-table-xss(64962)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"}, {"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/01/05/3"}, {"name": "43681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43681"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4646", "datePublished": "2011-01-18T17:00:00", "dateReserved": "2011-01-03T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta1:*:*:*:*:*:*", "matchCriteriaId": "17631BFA-B2A5-487E-99AB-5B4E25A90B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta2:*:*:*:*:*:*", "matchCriteriaId": "AC76ADC8-D667-47CD-9039-94385EC33013", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta3:*:*:*:*:*:*", "matchCriteriaId": "6E54C8B1-14FB-49A8-B86E-D7F72ED7CBF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "2F912F5D-7038-4BD2-AFC3-61073FC1EED0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4CE257B-569C-4A0F-B39D-182962C0B4B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc3:*:*:*:*:*:*", "matchCriteriaId": "D59EB083-C0C4-4522-8EF3-D188C026D236", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc4:*:*:*:*:*:*", "matchCriteriaId": "13C81A5F-541F-47BF-8ABC-F8C58417DB2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc5:*:*:*:*:*:*", "matchCriteriaId": "1E4B6B96-94ED-460B-BC38-E2C926959BE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc6:*:*:*:*:*:*", "matchCriteriaId": "9D2DDFB5-E74A-41C4-A6E6-2DFC7BD744EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc7:*:*:*:*:*:*", "matchCriteriaId": "9F20ADB5-9E5F-4728-8FE1-0919174FAA53", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc8:*:*:*:*:*:*", "matchCriteriaId": "E3D97957-11A4-46A9-91DB-D7A03FDF7062", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc9:*:*:*:*:*:*", "matchCriteriaId": "D764BB4E-8FB0-4A54-81F5-2D6BD1C20C81", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE8F18C-40C1-4BA5-891B-378A2064E9CC", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Hastymail2 anterior a v1.01 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un atributo manipulado dentro de una celda en un elemento TABLE, relacionados con el uso indebido del filtro htmLawed."}], "id": "CVE-2010-4646", "lastModified": "2017-08-17T01:33:17.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-01-18T18:03:08.017", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/05/3"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/06/14"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.hastymail.org/security/"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/43681"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}