-
JawMail executes Javascript code that is contained in the name of the sender of an email.
An example for the sender field:
"alert('ouch');"
I have not checked the CC and BCC fields, but I suspect they are vulnerable as well.
Also, I noticed a problem with the way in which the body of an email is formatted. JawMail automatically...
2007-09-09 13:02:29 UTC by knipknap
-
rudib committed patchset 2 of module ab2 to the Just Another Web Mail CVS repository, changing 57 files.
2005-07-26 10:18:22 UTC by rudib
-
rudib committed patchset 1 of module ab2 to the Just Another Web Mail CVS repository, changing 57 files.
2005-07-26 10:18:22 UTC by rudib
-
rudib committed patchset 169 of module mail to the Just Another Web Mail CVS repository, changing 2 files.
2005-07-08 14:05:34 UTC by rudib
-
rudib committed patchset 168 of module mail to the Just Another Web Mail CVS repository, changing 3 files.
2005-07-08 13:58:53 UTC by rudib
-
rudib committed patchset 223 of module jaw to the Just Another Web Mail CVS repository, changing 1 files.
2005-07-08 13:30:16 UTC by rudib
-
rudib committed patchset 222 of module jaw to the Just Another Web Mail CVS repository, changing 1 files.
2005-07-08 13:29:48 UTC by rudib
-
rudib committed patchset 221 of module jaw to the Just Another Web Mail CVS repository, changing 1 files.
2005-07-08 13:29:19 UTC by rudib
-
rudib committed patchset 220 of module jaw to the Just Another Web Mail CVS repository, changing 1 files.
2005-07-08 13:28:57 UTC by rudib
-
rudib committed patchset 219 of module jaw to the Just Another Web Mail CVS repository, changing 1 files.
2005-07-08 13:28:33 UTC by rudib
