CVE-2002-1495

JAWmail 1.0-rc1 - Cross-Site Scripting via Attached File Names and HTML Mail Attributes

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1495. PoCs published by Ulf Harnhammar.

AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in JAWMail where malicious HTML code in an email is not properly filtered, allowing arbitrary script execution in the user's browser when the email is viewed.

Description

Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ulf Harnhammar · textwebappsphp
https://www.exploit-db.com/exploits/21817

This exploit demonstrates an XSS vulnerability in JAWMail where malicious HTML code in an email is not properly filtered, allowing arbitrary script execution in the user's browser when the email is viewed.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: JAWMail (version not specified)
No auth needed
Prerequisites: Victim must open the malicious email in JAWMail
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-09/0270.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5771
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10152.php

Scores

EPSS 0.0204
EPSS Percentile 78.6%

Details

Status published
Products (3)
rudi_benkovic/jawmail 1.0
rudi_benkovic/jawmail 1.0.1
rudi_benkovic/jawmail 1.0_rc1
Published Apr 02, 2003
Tracked Since Feb 18, 2026