Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MHonArc HTML脚本过滤可绕过漏洞
Vulnerability Description
MHonArc是一款PERL语言编写的自动解析HTML形式邮件内容的程序,包括在处理过程中从HTML邮件中过滤有危险性的JavaScript标记等功能。 MHonArc对过滤的内容缺少充分正确的检查,可导致攻击者绕过保护并执行任意脚本代码。 攻击者可以在HTML邮件中插入合法的但变化的脚本标记,可导致绕过MHonArc的解析保护功能,导致任意脚本在用户查看时被执行。
CVSS Information
N/A
Vulnerability Type
N/A