CVE-2026-23607 GFI MailEssentials AI < 22.4 Anti-Spam Whitelist Description Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtDescription parameter to...