Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Hastymail 跨站脚本漏洞
Vulnerability Description
Hastymail是一个使用方便快捷、安全,跨平台的IMAP/SMTP客户端。 Hastymail 1.0.1 以及之前的版本(稳定版)和1.1以及之前的版本(演化版)不能发送附件内容配置字段的"attachment"参数,当受害者点击下载链接时,该漏洞导致Internet Explorer将附件内联呈现,这有利于跨站点脚本(XSS)以及其他可能的攻击。
CVSS Information
N/A
Vulnerability Type
N/A