{"url":"http://public2.vulnerablecode.io/api/packages/94862?format=json","purl":"pkg:deb/debian/mhonarc@2.6.24-1?distro=trixie","type":"deb","namespace":"debian","name":"mhonarc","version":"2.6.24-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.5.11-1","latest_non_vulnerable_version":"2.6.24-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201734?format=json","vulnerability_id":"VCID-5esp-wt93-b3g8","summary":"MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1677","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1677"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94865?format=json","purl":"pkg:deb/debian/mhonarc@2.6.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94861?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94859?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94862?format=json","purl":"pkg:deb/debian/mhonarc@2.6.24-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.24-1%3Fdistro=trixie"}],"aliases":["CVE-2010-1677"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5esp-wt93-b3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201845?format=json","vulnerability_id":"VCID-f363-h5ex-j7a5","summary":"Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4524","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4524"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693","reference_id":"607693","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94865?format=json","purl":"pkg:deb/debian/mhonarc@2.6.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94861?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94859?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94862?format=json","purl":"pkg:deb/debian/mhonarc@2.6.24-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.24-1%3Fdistro=trixie"}],"aliases":["CVE-2010-4524"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f363-h5ex-j7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199436?format=json","vulnerability_id":"VCID-jrsv-n7dw-6bhy","summary":"Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1388","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1388"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94864?format=json","purl":"pkg:deb/debian/mhonarc@2.5.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.5.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94861?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94859?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94862?format=json","purl":"pkg:deb/debian/mhonarc@2.6.24-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.24-1%3Fdistro=trixie"}],"aliases":["CVE-2002-1388"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrsv-n7dw-6bhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199413?format=json","vulnerability_id":"VCID-m3vr-y278-6qcx","summary":"Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1307"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94863?format=json","purl":"pkg:deb/debian/mhonarc@2.5.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.5.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94861?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94859?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94862?format=json","purl":"pkg:deb/debian/mhonarc@2.6.24-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.24-1%3Fdistro=trixie"}],"aliases":["CVE-2002-1307"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3vr-y278-6qcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199375?format=json","vulnerability_id":"VCID-zjpy-a8qx-cbf2","summary":"MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using \"&={script}\" syntax.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0738"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94860?format=json","purl":"pkg:deb/debian/mhonarc@2.5.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.5.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94861?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94859?format=json","purl":"pkg:deb/debian/mhonarc@2.6.19-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.19-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94862?format=json","purl":"pkg:deb/debian/mhonarc@2.6.24-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.24-1%3Fdistro=trixie"}],"aliases":["CVE-2002-0738"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjpy-a8qx-cbf2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mhonarc@2.6.24-1%3Fdistro=trixie"}