Lucene search
K
GfiMailessentials

22 matches found

CVE
CVE
added 2025/04/28 6:50 p.m.83 views

CVE-2025-34489

CVE-2025-34489 affects GFI MailEssentials prior to version 21.8. A local privilege escalation is possible when a crafted serialized payload is sent to the .NET Remoting Service, allowing an attacker to elevate to NT Authority/SYSTEM. Public-advisory sources confirm impact on affected versions and...

7.8CVSS7.8AI score0.00269EPSS
CVE
CVE
added 2025/04/28 7:20 p.m.73 views

CVE-2025-34491

CVE-2025-34491 affects GFI MailEssentials prior to v21.8. The issue is a .NET deserialization flaw in the Multi-Server setup that allows a remote, authenticated attacker to execute arbitrary code by sending crafted serialized .NET data. Root cause: improper deserialization in the Multi-Server com...

8.8CVSS8.9AI score0.00743EPSS
CVE
CVE
added 2025/04/28 7:2 p.m.62 views

CVE-2025-34490

GFI MailEssentials

6.5CVSS6.4AI score0.00591EPSS
CVE
CVE
added 2026/02/19 5:55 p.m.58 views

CVE-2026-23608

GFI MailEssentials AI versions prior to 22.4 are affected by a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can submit HTML/JavaScript in the JSON field named "name" to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save; t...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2005/01/06 5:0 a.m.57 views

CVE-2004-1312

The CVE-2004-1312 issue is a bug in a Microsoft HTML library used by third‑party products (notably GFI MailEssentials for Exchange and GFI MailSecurity for Exchange) that can cause remote denial of service when processing certain strings. Affected products include GFI MailEssentials (versions 9/1...

10CVSS6.6AI score0.0247EPSS
CVE
CVE
added 2026/02/19 5:57 p.m.32 views

CVE-2026-23611

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv1$txtIPDescription on /MailEssentials/pages/MailSecurity/ipblocklist.aspx, whic...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:54 p.m.31 views

CVE-2026-23604

GFI MailEssentials AI versions prior to 22.4 are affected by a stored cross-site scripting (XSS) vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of the /MailEssentials/pag...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:58 p.m.26 views

CVE-2026-23614

GFI MailEssentials AI (versions prior to 22.4) contains a stored XSS in the Sender Policy Framework IP Exceptions interface. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv2$txtIPDescription to /MailEssentials/pages/MailSecurity/SenderPolicyFramework.aspx; the in...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:58 p.m.23 views

CVE-2026-23616

GFI MailEssentials AI (versions prior to 22.4) contains a stored XSS in the Anti-Spoofing configuration page. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter on /MailEssentials/pages/MailSecurity/AntiSpoofing.aspx, whi...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 6:0 p.m.20 views

CVE-2026-23620

GFI MailEssentials AI (versions prior to 22.4) contains an information-disclosure vulnerability in ListServer.IsDBExist() at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can provide an unrestricted filesystem path in the JSON key "path" (URL-decoded and pass...

5.3CVSS5.8AI score0.00183EPSS
Web
CVE
CVE
added 2026/02/19 5:55 p.m.19 views

CVE-2026-23606

Technical details (affected product/version, root cause, fix) are not publicly available in the provided connected documents. Monitor for updates on CVE-2026-23606.

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:58 p.m.19 views

CVE-2026-23615

CVE-2026-23615 concerns GFI MailEssentials AI prior to version 22.4, where a stored cross-site scripting vulnerability exists in the Sender Policy Framework Email Exceptions interface. An authenticated user can inject HTML/JavaScript via the parameter ctl00$ContentPlaceHolder1$pv4$txtEmailDescrip...

5.4CVSS5.4AI score0.00163EPSS
Web
CVE
CVE
added 2026/02/19 5:59 p.m.18 views

CVE-2026-23617

GFI MailEssentials AI prior to 22.4 is affected by a stored XSS in the Spam Keyword Checking (Body) interface. An authenticated user can supply HTML/JavaScript to ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition in /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the payload is stored ...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:59 p.m.17 views

CVE-2026-23618

GFI MailEssentials AI versions before 22.4 are affected by a stored XSS in the Spam Keyword Checking (Subject) UI. An authenticated user can inject HTML/JS into the ctl00$ContentPlaceHolder1$pvSubject$TXB_SubjectCondition parameter of /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:56 p.m.16 views

CVE-2026-23609

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can submit HTML/JavaScript to ctl00$ContentPlaceHolder1$pv3$txtDescription on /MailEssentials/pages/MailSecurity/PerimeterSMT...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:56 p.m.15 views

CVE-2026-23610

GFI MailEssentials AI (versions prior to 22.4) contains a stored XSS in the POP2Exchange config endpoint. An authenticated user can inject HTML/JavaScript into the POP3 login field within the JSON "popServers" payload to /MailEssentials/pages/MailSecurity/POP2Exchange.aspx/Save; the input is stor...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 6:0 p.m.15 views

CVE-2026-23619

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$Pv3$txtDescription on /MailEssentials/pages/MailSecurity/general.aspx, which is st...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:54 p.m.14 views

CVE-2026-23605

GFI MailEssentials AI (before 22.4) contains a stored XSS in the Attachment Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of /MailEssentials/pages/MailSecurity/attachmentchecking.aspx. The input is ...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:55 p.m.14 views

CVE-2026-23607

GFI MailEssentials AI (versions before 22.4) contains a stored XSS in the Anti-Spam Whitelist management interface. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv1$txtDescription to /MailEssentials/pages/MailSecurity/Whitelist.aspx, which is stored and later ren...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:57 p.m.14 views

CVE-2026-23613

CVE-2026-23613 affects GFI MailEssentials AI prior to 22.4. A stored cross-site scripting vulnerability exists in the DNS Blocklist URI configuration page. An authenticated user can submit HTML/JavaScript via the ctl00$ContentPlaceHolder1$pv1$TXB_URIs parameter to /MailEssentials/pages/MailSecuri...

5.4CVSS5.4AI score0.00163EPSS
Web
CVE
CVE
added 2026/02/19 6:1 p.m.13 views

CVE-2026-23621

GFI MailEssentials AI versions prior to 22.4 contain an authentication-restricted directory existence enumeration vulnerability in ListServer.IsPathExist() (exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist). An authenticated user can supply an unrestricted filesystem path...

5.3CVSS5.8AI score0.00244EPSS
Web
CVE
CVE
added 2026/02/19 5:57 p.m.12 views

CVE-2026-23612

CVE-2026-23612 affects GFI MailEssentials AI versions prior to 22.4. The vulnerability is a stored cross-site scripting flaw in the IP DNS Blocklist configuration page. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv1$TXB_IPs to /MailEssentials/pages/MailSecurity...

5.4CVSS5.4AI score0.00173EPSS
Web