CVE-2026-23619

🗓️ 19 Feb 2026 18:00:09Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 6 Views🌐 WEB

Stored XSS in Local Domains allows authenticated users to inject HTML in description.

Reporter	Title	Published	Views	Family All 6
CNNVD	GFI MailEssentials AI 安全漏洞	19 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-23619 GFI MailEssentials AI < 22.4 General Settings Local Domains Domain Description Stored XSS	19 Feb 202618:00	–	cvelist
NVD	CVE-2026-23619	19 Feb 202618:24	–	nvd
Positive Technologies	PT-2026-20899	19 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-23619	20 Feb 202619:40	–	redhatcve
Vulnrichment	CVE-2026-23619 GFI MailEssentials AI < 22.4 General Settings Local Domains Domain Description Stored XSS	19 Feb 202618:00	–	vulnrichment

NVD

Vulners

CNA

Node

gfi mailessentialsRange<22.4

[
  {
    "defaultStatus": "unaffected",
    "product": "MailEssentials AI",
    "vendor": "GFI Software",
    "versions": [
      {
        "lessThan": "22.4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
gfi	www.gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases
vulncheck	www.vulncheck.com/advisories/gfi-mailessentials-ai-general-settings-local-domains-domain-description-stored-xss

Parameter	Position	Path	Description	CWE
ctl00$ContentPlaceHolder1$Pv3$txtDescription	request body	MailEssentials/pages/MailSecurity/general.aspx	Stored cross-site scripting in MailEssentials Local Domains settings via ctl00$ContentPlaceHolder1$Pv3$txtDescription on /MailEssentials/pages/MailSecurity/general.aspx; input is stored and later rendered in the management interface.	CWE-79

14 May 2026 02:09Current

5.4Medium risk

Vulners AI Score5.4

CVSS 45.1

CVSS 3.15.4

EPSS0.00045

SSVC

CWE-79