A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NApache Pony Mail
APPApache0.8 – 0.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
Related vulnerabilities
CVE-2026-41873CRITICAL9.8PL ✓ten sam produkt
HTTP Request Smuggling w Apache Pony Mail — przejęcie konta admina
CVE-2016-4460CRITICAL9.8ten sam produkt
Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.
CVE-2017-5658MEDIUM5.3ten sam produkt
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without prope...
CVE-2025-24813CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Apache Tomcat: Path Equivalence prowadzący do RCE i ujawnienia danych
CVE-2024-38856CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Apache OFBiz — nieautoryzowane wykonanie kodu przez błędną autoryzację