Hastymail is reported prone to a script execution vulnerability that could allow a remote attacker to execute arbitrary HTML or script code in the browser of a vulnerable user.

It is reported that if a user attempts to download an HTML attachment through the application's interface, the browser may examine the file extension and open the file inline. A remote attacker can create a malicious HTML attachment and send it to a user. If the user attempts to download the attachment, the user's browser will open the unfiltered attachment. This can allow for JavaScript or HTML code to execute in the browser leading to cookie-based credential theft or other attacks.

Hastymail Stable version 1.0.1 and Development version 1.1 are affected by this issue. It is likely that prior versions are affected as well.
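A server-side mitigation for the inline rendering described above, as an added example that is not Hastymail's code or its actual fix: a webmail download handler can pick response headers that make the browser save the attachment rather than render it in the application's origin. The function names and the lists of active types and extensions are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Types and extensions a browser may render or script inline
# (constructed lists for illustration, not exhaustive).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}
ACTIVE_EXTS = {".html", ".htm", ".xhtml", ".shtml", ".svg", ".xml"}


def safe_filename(name):
    """Reduce a sender-supplied filename to one harmless path component."""
    name = re.split(r"[\\/]", name or "")[-1]         # drop any directory part
    name = re.sub(r"[\x00-\x1f\x7f\"]", "", name)    # no CR/LF, controls, quotes
    name = name.strip(" .")
    return name or "attachment"


def download_headers(filename, declared_type):
    """Headers that make the browser save the MIME part instead of rendering it."""
    name = safe_filename(filename)
    ctype = (declared_type or "").split(";")[0].strip().lower()
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    # The sender controls both the declared type and the extension, so either
    # one marking the part as active content downgrades it to opaque bytes.
    if (ctype in ACTIVE_TYPES or ext in ACTIVE_EXTS
            or not re.fullmatch(r"[\w.+-]+/[\w.+-]+", ctype)):
        ctype = "application/octet-stream"
    ascii_name = name.encode("ascii", "replace").decode().replace("?", "_")
    disposition = "attachment; filename=\"%s\"; filename*=UTF-8''%s" % (
        ascii_name, quote(name, safe=""))
    return [
        ("Content-Type", ctype),
        ("Content-Disposition", disposition),       # never "inline"
        ("X-Content-Type-Options", "nosniff"),      # no content sniffing
        # Defence in depth if the part is rendered anyway: no scripts, no loads.
        ("Content-Security-Policy", "sandbox; default-src 'none'"),
    ]
```

Serving attachments from a separate origin that carries no session cookie limits what a rendered attachment could reach even if these headers are ignored.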