Description
Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by HTrovao · textwebappsphp
https://www.exploit-db.com/exploits/36347
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48308
Exploit x_refsource_misc
https://www.dognaedis.com/vulns/DGS-SEC-2.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71520
Scores
EPSS
0.0292
EPSS Percentile
86.5%
Details
CWE
CWE-79
Status
published
Products (10)
hastymail/hastymail2
(12 CPE variants)
hastymail/hastymail2
1.0
hastymail/hastymail2
1.01
hastymail/hastymail2
1.1 rc1 (2 CPE variants)
hastymail/hastymail2
2.0 (7 CPE variants)
hastymail/hastymail2
2.0.1
hastymail/hastymail2
2.0.2
hastymail/hastymail2
2.0.3
hastymail/hastymail2
2.0.4
hastymail/hastymail2
2.0.5
Published
Nov 29, 2011
Tracked Since
Feb 18, 2026