Lucene search
K

21 matches found

CVE
CVE
added 2025/04/28 6:50 p.m.84 views

CVE-2025-34489

CVE-2025-34489 affects GFI MailEssentials prior to version 21.8. A local privilege escalation is possible when a crafted serialized payload is sent to the .NET Remoting Service, allowing an attacker to elevate to NT Authority/SYSTEM. Public-advisory sources confirm impact on affected versions and...

7.8CVSS7.8AI score0.00269EPSS
CVE
CVE
added 2025/04/28 7:20 p.m.73 views

CVE-2025-34491

CVE-2025-34491 affects GFI MailEssentials prior to v21.8. The issue is a .NET deserialization flaw in the Multi-Server setup that allows a remote, authenticated attacker to execute arbitrary code by sending crafted serialized .NET data. Root cause: improper deserialization in the Multi-Server com...

8.8CVSS8.9AI score0.00743EPSS
CVE
CVE
added 2025/04/28 7:2 p.m.62 views

CVE-2025-34490

GFI MailEssentials

6.5CVSS6.4AI score0.00591EPSS
CVE
CVE
added 2026/02/19 5:55 p.m.60 views

CVE-2026-23608

GFI MailEssentials AI versions prior to 22.4 are affected by a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can submit HTML/JavaScript in the JSON field named "name" to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save; t...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:57 p.m.34 views

CVE-2026-23611

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv1$txtIPDescription on /MailEssentials/pages/MailSecurity/ipblocklist.aspx, whic...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:54 p.m.33 views

CVE-2026-23604

GFI MailEssentials AI versions prior to 22.4 are affected by a stored cross-site scripting (XSS) vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of the /MailEssentials/pag...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:58 p.m.29 views

CVE-2026-23614

GFI MailEssentials AI (versions prior to 22.4) contains a stored XSS in the Sender Policy Framework IP Exceptions interface. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv2$txtIPDescription to /MailEssentials/pages/MailSecurity/SenderPolicyFramework.aspx; the in...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:58 p.m.24 views

CVE-2026-23616

GFI MailEssentials AI (versions prior to 22.4) contains a stored XSS in the Anti-Spoofing configuration page. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter on /MailEssentials/pages/MailSecurity/AntiSpoofing.aspx, whi...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 6:0 p.m.21 views

CVE-2026-23620

GFI MailEssentials AI (versions prior to 22.4) contains an information-disclosure vulnerability in ListServer.IsDBExist() at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can provide an unrestricted filesystem path in the JSON key "path" (URL-decoded and pass...

5.3CVSS5.8AI score0.00183EPSS
Web
CVE
CVE
added 2026/02/19 5:58 p.m.20 views

CVE-2026-23615

CVE-2026-23615 concerns GFI MailEssentials AI prior to version 22.4, where a stored cross-site scripting vulnerability exists in the Sender Policy Framework Email Exceptions interface. An authenticated user can inject HTML/JavaScript via the parameter ctl00$ContentPlaceHolder1$pv4$txtEmailDescrip...

5.4CVSS5.4AI score0.00163EPSS
Web
CVE
CVE
added 2026/02/19 5:55 p.m.19 views

CVE-2026-23606

Technical details (affected product/version, root cause, fix) are not publicly available in the provided connected documents. Monitor for updates on CVE-2026-23606.

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:59 p.m.19 views

CVE-2026-23617

GFI MailEssentials AI prior to 22.4 is affected by a stored XSS in the Spam Keyword Checking (Body) interface. An authenticated user can supply HTML/JavaScript to ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition in /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the payload is stored ...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:59 p.m.18 views

CVE-2026-23618

GFI MailEssentials AI versions before 22.4 are affected by a stored XSS in the Spam Keyword Checking (Subject) UI. An authenticated user can inject HTML/JS into the ctl00$ContentPlaceHolder1$pvSubject$TXB_SubjectCondition parameter of /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:55 p.m.17 views

CVE-2026-23607

GFI MailEssentials AI (versions before 22.4) contains a stored XSS in the Anti-Spam Whitelist management interface. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv1$txtDescription to /MailEssentials/pages/MailSecurity/Whitelist.aspx, which is stored and later ren...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:56 p.m.16 views

CVE-2026-23609

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can submit HTML/JavaScript to ctl00$ContentPlaceHolder1$pv3$txtDescription on /MailEssentials/pages/MailSecurity/PerimeterSMT...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:57 p.m.16 views

CVE-2026-23612

CVE-2026-23612 affects GFI MailEssentials AI versions prior to 22.4. The vulnerability is a stored cross-site scripting flaw in the IP DNS Blocklist configuration page. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv1$TXB_IPs to /MailEssentials/pages/MailSecurity...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:56 p.m.15 views

CVE-2026-23610

GFI MailEssentials AI (versions prior to 22.4) contains a stored XSS in the POP2Exchange config endpoint. An authenticated user can inject HTML/JavaScript into the POP3 login field within the JSON "popServers" payload to /MailEssentials/pages/MailSecurity/POP2Exchange.aspx/Save; the input is stor...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 6:0 p.m.15 views

CVE-2026-23619

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$Pv3$txtDescription on /MailEssentials/pages/MailSecurity/general.aspx, which is st...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:54 p.m.14 views

CVE-2026-23605

GFI MailEssentials AI (before 22.4) contains a stored XSS in the Attachment Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of /MailEssentials/pages/MailSecurity/attachmentchecking.aspx. The input is ...

5.4CVSS5.4AI score0.00173EPSS
Web
CVE
CVE
added 2026/02/19 5:57 p.m.14 views

CVE-2026-23613

CVE-2026-23613 affects GFI MailEssentials AI prior to 22.4. A stored cross-site scripting vulnerability exists in the DNS Blocklist URI configuration page. An authenticated user can submit HTML/JavaScript via the ctl00$ContentPlaceHolder1$pv1$TXB_URIs parameter to /MailEssentials/pages/MailSecuri...

5.4CVSS5.4AI score0.00163EPSS
Web
CVE
CVE
added 2026/02/19 6:1 p.m.14 views

CVE-2026-23621

GFI MailEssentials AI versions prior to 22.4 contain an authentication-restricted directory existence enumeration vulnerability in ListServer.IsPathExist() (exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist). An authenticated user can supply an unrestricted filesystem path...

5.3CVSS5.8AI score0.00244EPSS
Web