Family: Debian Local Security Checks --> Category: infos
[DSA199] DSA-199-1 mhonarc Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Steven Christey discovered a cross site scripting vulnerability in
mhonarc, a mail to HTML converter. Carefully crafted message headers
can introduce cross site scripting when mhonarc is configured to
display all headers lines on the web. However, it is often useful to
restrict the displayed header lines to To, From and Subject, in which
case the vulnerability cannot be exploited.
This problem has been fixed in version 2.5.2-1.2 for the current
stable distribution (woody), in version 2.4.4-1.2 for the old stable
distribution (potato) and in version 2.5.13-1 for the unstable
We recommend that you upgrade your mhonarc package.
Solution : http://www.debian.org/security/2002/dsa-199
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.