13 matches found
CVE-2026-23618
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Subject conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXBSubjectCondition parameter to...
CVE-2026-23617
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Body conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXBCondition parameter to...
CVE-2026-23617
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Body conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXBCondition parameter to...
CVE-2026-23617
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Body conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXBCondition parameter to...
CVE-2026-23618 GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Subject Condition Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Subject conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXBSubjectCondition parameter to...
CVE-2026-23618 GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Subject Condition Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Subject conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXBSubjectCondition parameter to...
CVE-2026-23618
GFI MailEssentials AI versions before 22.4 are affected by a stored XSS in the Spam Keyword Checking (Subject) UI. An authenticated user can inject HTML/JS into the ctl00$ContentPlaceHolder1$pvSubject$TXB_SubjectCondition parameter of /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the...
CVE-2026-23617 GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Body Condition Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Body conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXBCondition parameter to...
CVE-2026-23617 GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Body Condition Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Body conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXBCondition parameter to...
CVE-2026-23617
GFI MailEssentials AI prior to 22.4 is affected by a stored XSS in the Spam Keyword Checking (Body) interface. An authenticated user can supply HTML/JavaScript to ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition in /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the payload is stored ...
GFI MailEssentials AI 安全漏洞
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage-oriented cross-site scripting...
PT-2026-20897
Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description GFI MailEssentials AI versions before 22.4 are affected by a stored cross-site scripting issue. An authenticated user can inject HTML or JavaScript code into the...
PT-2026-20898
Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting issue. An authenticated user can inject HTML or JavaScript code into the...