CVE-2007-0651
6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.01 Low
EPSS
Percentile
83.4%
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and © Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
References
osvdb.org/33188
osvdb.org/33189
osvdb.org/33190
secunia.com/advisories/23998
secunia.com/secunia_research/2007-38/advisory/
securityreason.com/securityalert/2258
www.mailenable.com/Professional20-ReleaseNotes.txt
www.securityfocus.com/archive/1/460063/100/0/threaded
www.securityfocus.com/bid/22554
www.vupen.com/english/advisories/2007/0595
exchange.xforce.ibmcloud.com/vulnerabilities/32476
exchange.xforce.ibmcloud.com/vulnerabilities/32480
Social References
More
Related
6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.01 Low
EPSS
Percentile
83.4%