MailEnable ForgottenPassword.aspx Username Parameter XSS

The webmail client bundled with MailEnable is affected by a cross-site scripting vulnerability in the ForgottenPassword.aspx script. The 'Username' parameter fails to properly sanitize user- supplied input. Successful exploitation would allow an attacker to steal cookies used for webmail access...

Cross site scripting

Cross-site scripting XSS vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter...

CVE-2012-0389

Cross-site scripting XSS vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter...

CVE-2012-0389

CVE-2012-0389 is an XSS vulnerability in MailEnable’s ForgottenPassword.aspx, affecting Professional/Enterprise/Premium editions up to specific versions (4.26 and earlier; 5.x before 5.53; 6.x before 6.03). The issue arises from insufficient sanitization of the Username input, allowing remote att...

MailEnable Webmail - Cross-Site Scripting

ME020567: MailEnable webmail cross-site scripting vulnerability CWE-79 References: CVE-2012-0389 Discovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah Vendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 Vendor contact: 2012-01-04 09:49:36 UTC Vendor...