Description
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Steven Christey · textremotelinux
https://www.exploit-db.com/exploits/22026
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10666
Various Sources x_refsource_confirm
http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256%40mcguire.earlhood.com
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6204
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-199
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/7353
Scores
EPSS
0.0629
EPSS Percentile
91.0%
Details
Status
published
Products (3)
mhonarc/mhonarc
2.4.4
mhonarc/mhonarc
2.5.2
mhonarc/mhonarc
2.5.12
Published
Nov 29, 2002
Tracked Since
Feb 18, 2026