CVE-2002-1958 Information

Description

Cross-site scripting (XSS) vulnerability in kmMail 1.0 1.0a and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in \safe\ HTML tags such as the \b\ tag or (2) the Subject field.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2002-October/002207.html http://sourceforge.net/forum/forum.php?forum_id=191501 http://www.iss.net/security_center/static/9507.php http://www.securityfocus.com/bid/5173 http://www.securityfocus.com/bid/6013