[] NeoSense
E X P L O I T S
title author type platform port cve id

Mhonarc 2.5.x - Mail Header HTML Injection

Author: Steven Christey
type: remote
platform: linux
port: 
date_added: 2002-11-19 
date_updated: 2012-10-17 
verified: 1 
codes: CVE-2002-1307;OSVDB-7353 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/6204/info

A HTML injection vulnerability has been discovered in Mhonarc.

An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable Mhonarc client converts the message to HTML, any malicious HTML code will be executed within the context of the displayed web page.

To: <someone@example.com>
From: <hacker@example.com>
Header<SCRIPT>hello</SCRIPT>def: whatever
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.