13 matches found
CVE-2026-23605
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...
CVE-2026-23604
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...
CVE-2026-23605
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...
CVE-2026-23604
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...
CVE-2026-23606
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...
CVE-2026-23606 GFI MailEssentials AI < 22.4 Advanced Content Filtering Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...
CVE-2026-23605 GFI MailEssentials AI < 22.4 Attachment Filtering Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...
CVE-2026-23605
GFI MailEssentials AI (before 22.4) contains a stored XSS in the Attachment Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of /MailEssentials/pages/MailSecurity/attachmentchecking.aspx. The input is ...
CVE-2026-23604 GFI MailEssentials AI < 22.4 Keyword Filtering Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...
CVE-2025-9356
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can le...
CVE-2025-9356
CVE-2025-9356 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 with firmware versions 1.0.013.001 through 1.2.07.001. The vulnerability is in the inboundFilterAdd function in /goform/inboundFilterAdd, where manipulating the ruleName argument can trigger a stack-based buffer overflow. The...
CVE-2025-44893
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the webaclmgmtRulesApplypost function...
CVE-2022-29950
Experian Hunter 1.16 is described as allowing remote authenticated users to modify assumed-immutable elements via (1) the rule name parameter on the Rules page or (2) the subrule name or (3) the categories name parameters on the Subrules page. Red Hat and NVD entries reiterate this description, a...