MHonArc HTML Script Filter Bypass Vulnerability

MHonArc is a Perl program designed to automatically convert email into an HTML-based archive format. MHonArc includes filtering support designed to strip dangerous tags from HTML email during this process, eliminating JavaScript.

A vulnerability has been discovered in some versions of MHonArc. Maliciously constructed HTML mail may bypass this filtering process and inject valid script code into the archive.


 

Copyright 2010, SecurityFocus