Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Apr 16, 2026

CVE-2002-0738

Description

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.

Affected products

Mhonarc/Mhonarc3 versions
cpe:2.3:a:mhonarc:mhonarc:2.5:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mhonarc:mhonarc:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mhonarc:mhonarc:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mhonarc:mhonarc:2.5.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.iss.net/security_center/static/8894.phpnvdPatchVendor Advisory
www.securityfocus.com/bid/4546nvdPatchVendor Advisory
www.mhonarc.org/MHonArc/CHANGESnvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2002-04/0260.htmlnvd
www.debian.org/security/2002/dsa-163nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000