Vulnerabilities > Apache > Pony Mail > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-22 | CVE-2019-0218 | Cross-site Scripting vulnerability in Apache Pony Mail A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface. | 6.1 |
| 2018-10-04 | CVE-2017-5658 | Information Exposure vulnerability in Apache Pony Mail The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. | 5.3 |