CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

NVD•added 2026/02/19 6:24 p.m.•5 views

CVE-2026-23608

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON "name" field to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save, which is stored...

5.4CVSS0.00173EPSS

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•2 views

CVE-2026-23608

5.4CVSS5.8AI score0.00173EPSS

Exploits0References2

Vulnrichment•added 2026/02/19 5:55 p.m.•5 views

CVE-2026-23608 GFI MailEssentials AI < 22.4 Email Management Mail Monitoring Rule Stored XSS

5.4CVSS5.4AI score0.00173EPSS

Exploits0References2

Cvelist•added 2026/02/19 5:55 p.m.•22 views

CVE-2026-23608 GFI MailEssentials AI < 22.4 Email Management Mail Monitoring Rule Stored XSS

5.4CVSS0.00173EPSS

Exploits0References2

CVE•added 2026/02/19 5:55 p.m.•17 views

CVE-2026-23608

GFI MailEssentials AI versions prior to 22.4 are affected by a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can submit HTML/JavaScript in the JSON field named "name" to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save; t...

5.4CVSS5.4AI score0.00173EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•6 views

PT-2026-20888

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description GFI MailEssentials AI versions before 22.4 have a stored cross-site scripting issue. An authenticated user can inject HTML or JavaScript code into the JSON name field within the...

5.4CVSS5.4AI score0.00173EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by