CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
83.7%
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and © Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
Vendor | Product | Version | CPE |
---|---|---|---|
mailenable | mailenable_professional | 1.0.004 | cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:*:*:*:* |
mailenable | mailenable_professional | 1.0.005 | cpe:2.3:a:mailenable:mailenable_professional:1.0.005:*:*:*:*:*:*:* |
mailenable | mailenable_professional | 1.0.006 | cpe:2.3:a:mailenable:mailenable_professional:1.0.006:*:*:*:*:*:*:* |
mailenable | mailenable_professional | 1.0.007 | cpe:2.3:a:mailenable:mailenable_professional:1.0.007:*:*:*:*:*:*:* |
mailenable | mailenable_professional | 1.0.008 | cpe:2.3:a:mailenable:mailenable_professional:1.0.008:*:*:*:*:*:*:* |
mailenable | mailenable_professional | 1.0.009 | cpe:2.3:a:mailenable:mailenable_professional:1.0.009:*:*:*:*:*:*:* |
mailenable | mailenable_professional | 1.0.010 | cpe:2.3:a:mailenable:mailenable_professional:1.0.010:*:*:*:*:*:*:* |
mailenable | mailenable_professional | 1.0.011 | cpe:2.3:a:mailenable:mailenable_professional:1.0.011:*:*:*:*:*:*:* |
mailenable | mailenable_professional | 1.0.012 | cpe:2.3:a:mailenable:mailenable_professional:1.0.012:*:*:*:*:*:*:* |
mailenable | mailenable_professional | 1.0.013 | cpe:2.3:a:mailenable:mailenable_professional:1.0.013:*:*:*:*:*:*:* |
osvdb.org/33188
osvdb.org/33189
osvdb.org/33190
secunia.com/advisories/23998
secunia.com/secunia_research/2007-38/advisory/
securityreason.com/securityalert/2258
www.mailenable.com/Professional20-ReleaseNotes.txt
www.securityfocus.com/archive/1/460063/100/0/threaded
www.securityfocus.com/bid/22554
www.vupen.com/english/advisories/2007/0595
exchange.xforce.ibmcloud.com/vulnerabilities/32476
exchange.xforce.ibmcloud.com/vulnerabilities/32480