CVE-2012-3536: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 14, 2022 (updated August 29, 2023)

Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.

References

svn.apache.org/viewvc?view=revision&revision=1373762
github.com/advisories/GHSA-7crp-p2vc-69r7
github.com/apache/james-hupa/commit/aff28a8117a49969b0fc8cc9926c19fa90146d8d
james.apache.org/hupa/index.html
nvd.nist.gov/vuln/detail/CVE-2012-3536

Code Behaviors & Features

Detect and mitigate CVE-2012-3536 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →