Lucene search

[email protected]NVD:CVE-2012-0389

HistoryJan 24, 2012 - 6:55 p.m.

CVE-2012-0389

2012-01-2418:55:01

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.528

Percentile

97.6%

JSON

Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.

Affected configurations

NVD

Node

mailenablemailenableRange≤4.26-pro

mailenablemailenableMatch1.2professional

mailenablemailenableMatch1.2aprofessional

mailenablemailenableMatch1.5professional

mailenablemailenableMatch1.6professional

mailenablemailenableMatch1.7professional

mailenablemailenableMatch1.17professional

mailenablemailenableMatch1.18professional

mailenablemailenableMatch1.19professional

mailenablemailenableMatch1.51professional

mailenablemailenableMatch1.52professional

mailenablemailenableMatch1.53professional

mailenablemailenableMatch1.54professional

mailenablemailenableMatch1.70professional

mailenablemailenableMatch1.71professional

mailenablemailenableMatch1.72professional

mailenablemailenableMatch1.73professional

mailenablemailenableMatch1.74professional

mailenablemailenableMatch1.75professional

mailenablemailenableMatch1.76professional

mailenablemailenableMatch1.77professional

mailenablemailenableMatch1.78professional

mailenablemailenableMatch1.79professional

mailenablemailenableMatch3.0-pro

mailenablemailenableMatch3.01-pro

mailenablemailenableMatch3.02-pro

mailenablemailenableMatch3.03-pro

mailenablemailenableMatch3.04-pro

mailenablemailenableMatch3.5-pro

mailenablemailenableMatch3.6-pro

mailenablemailenableMatch3.10-pro

mailenablemailenableMatch3.11-pro

mailenablemailenableMatch3.12-pro

mailenablemailenableMatch3.13-pro

mailenablemailenableMatch3.14-pro

mailenablemailenableMatch3.51-pro

mailenablemailenableMatch3.52professional

mailenablemailenableMatch3.52-pro

mailenablemailenableMatch3.53-pro

mailenablemailenableMatch3.61-pro

mailenablemailenableMatch3.62-pro

mailenablemailenableMatch3.63-pro

mailenablemailenableMatch4.0-pro

mailenablemailenableMatch4.1-pro

mailenablemailenableMatch4.01-pro

mailenablemailenableMatch4.11-pro

mailenablemailenableMatch4.12-pro

mailenablemailenableMatch4.13-pro

mailenablemailenableMatch4.14-pro

mailenablemailenableMatch4.15-pro

mailenablemailenableMatch4.16-pro

mailenablemailenableMatch4.17-pro

mailenablemailenableMatch4.22-pro

mailenablemailenableMatch4.23-pro

mailenablemailenableMatch4.24-pro

mailenablemailenableMatch4.25-pro

Node

mailenablemailenableRange≤4.26-enterprise

mailenablemailenableMatch1.00enterprise

mailenablemailenableMatch1.1enterprise

mailenablemailenableMatch1.01enterprise

mailenablemailenableMatch1.02enterprise

mailenablemailenableMatch1.2enterprise

mailenablemailenableMatch1.03enterprise

mailenablemailenableMatch1.04enterprise

mailenablemailenableMatch1.21enterprise

mailenablemailenableMatch1.22enterprise

mailenablemailenableMatch1.23enterprise

mailenablemailenableMatch1.24enterprise

mailenablemailenableMatch1.25enterprise

mailenablemailenableMatch1.26enterprise

mailenablemailenableMatch3.0-enterprise

mailenablemailenableMatch3.01-enterprise

mailenablemailenableMatch3.02-enterprise

mailenablemailenableMatch3.03-enterprise

mailenablemailenableMatch3.04-enterprise

mailenablemailenableMatch3.5-enterprise

mailenablemailenableMatch3.6-enterprise

mailenablemailenableMatch3.10-enterprise

mailenablemailenableMatch3.11-enterprise

mailenablemailenableMatch3.12-enterprise

mailenablemailenableMatch3.13-enterprise

mailenablemailenableMatch3.14-enterprise

mailenablemailenableMatch3.51-enterprise

mailenablemailenableMatch3.52enterprise

mailenablemailenableMatch3.52-enterprise

mailenablemailenableMatch3.53-enterprise

mailenablemailenableMatch3.61-enterprise

mailenablemailenableMatch3.62-enterprise

mailenablemailenableMatch3.63-enterprise

mailenablemailenableMatch4.0-enterprise

mailenablemailenableMatch4.01-enterprise

mailenablemailenableMatch4.1-enterprise

mailenablemailenableMatch4.11-enterprise

mailenablemailenableMatch4.12-enterprise

mailenablemailenableMatch4.13-enterprise

mailenablemailenableMatch4.14-enterprise

mailenablemailenableMatch4.15-enterprise

mailenablemailenableMatch4.16-enterprise

mailenablemailenableMatch4.17-enterprise

mailenablemailenableMatch4.22-enterprise

mailenablemailenableMatch4.23-enterprise

mailenablemailenableMatch4.24-enterprise

mailenablemailenableMatch4.25-enterprise

Node

mailenablemailenableRange≤4.26premium

mailenablemailenableMatch4.1premium

mailenablemailenableMatch4.2premium

mailenablemailenableMatch4.21premium

mailenablemailenableMatch4.22premium

mailenablemailenableMatch4.23premium

mailenablemailenableMatch4.24premium

mailenablemailenableMatch4.25premium

Node

mailenablemailenableMatch5.0professional

mailenablemailenableMatch5.01professional

mailenablemailenableMatch5.02professional

mailenablemailenableMatch5.03professional

mailenablemailenableMatch5.04professional

mailenablemailenableMatch5.5professional

mailenablemailenableMatch5.05professional

mailenablemailenableMatch5.06professional

mailenablemailenableMatch5.07professional

mailenablemailenableMatch5.10professional

mailenablemailenableMatch5.11professional

mailenablemailenableMatch5.51professional

mailenablemailenableMatch5.52professional

Node

mailenablemailenableMatch5.0enterprise

mailenablemailenableMatch5.01enterprise

mailenablemailenableMatch5.02enterprise

mailenablemailenableMatch5.03enterprise

mailenablemailenableMatch5.04enterprise

mailenablemailenableMatch5.5enterprise

mailenablemailenableMatch5.05enterprise

mailenablemailenableMatch5.06enterprise

mailenablemailenableMatch5.07enterprise

mailenablemailenableMatch5.10enterprise

mailenablemailenableMatch5.11enterprise

mailenablemailenableMatch5.51enterprise

mailenablemailenableMatch5.52enterprise

Node

mailenablemailenableMatch5.0premium

mailenablemailenableMatch5.01premium

mailenablemailenableMatch5.02premium

mailenablemailenableMatch5.03premium

mailenablemailenableMatch5.04premium

mailenablemailenableMatch5.05premium

mailenablemailenableMatch5.5premium

mailenablemailenableMatch5.06premium

mailenablemailenableMatch5.07premium

mailenablemailenableMatch5.10premium

mailenablemailenableMatch5.11premium

mailenablemailenableMatch5.51premium

mailenablemailenableMatch5.52premium

Node

mailenablemailenableMatch6.0professional

mailenablemailenableMatch6.01professional

mailenablemailenableMatch6.02professional

Node

mailenablemailenableMatch6.0enterprise

mailenablemailenableMatch6.01enterprise

mailenablemailenableMatch6.02enterprise

Node

mailenablemailenableMatch6.0premium

mailenablemailenableMatch6.01premium

mailenablemailenableMatch6.02premium

References

archives.neohapsis.com/archives/bugtraq/2012-01/0090.html

osvdb.org/78242

secunia.com/advisories/47518

secunia.com/advisories/47562

www.exploit-db.com/exploits/18447

www.mailenable.com/kb/Content/Article.asp?ID=me020567

www.nerv.fi/CVE-2012-0389.txt

www.securityfocus.com/bid/51401

www.securitytracker.com/id?1026519

exchange.xforce.ibmcloud.com/vulnerabilities/72380

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.528

Percentile

97.6%

JSON

Related for NVD:CVE-2012-0389

packetstorm1 openvas1 nessus1 securityvulns2 prion1 cve1 seebug1 exploitpack1 cvelist1 exploitdb1