ME020567: MailEnable webmail cross-site scripting vulnerability (CWE-79)
References: CVE-2012-0389
Discovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah
Vendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567
Vendor contact: 2012-01-04 09:49:36 UTC
Vendor response: 2012-01-04 10:27:13 UTC (Peter Fregon from MailEnable)
Vendor fix and announcement: 2012-01-10 00:50:31 UTC
Vulnerability description:
MailEnable <http://www.mailenable.com/> Professional and Enterprise versions are prone to cross-site scripting vulnerabilities as the user-supplied input received via "Username" parameter of "ForgottonPassword.aspx" page is not properly sanitized. A specially crafted URL which a user clicks could gain access to the users cookies for webmail or execute other malicious code in users browser in context of the domain in use.
Remote: yes
Authentication required: no
User interaction required: yes
Affected:
- MailEnable Professional, Enterprise & Premium 4.26 and earlier
- MailEnable Professional, Enterprise & Premium 5.52 and earlier
- MailEnable Professional, Enterprise & Premium 6.02 and earlier
Not affected:
- MailEnable Standard is not affected.
PoC:
http://example.com/mewebmail/Mondo/lang/sys/ForgottenPassword.aspx?Username='};alert(/XSS/);{'
Resolution:
Users of MailEnable 5 and 6 can resolve the issue by upgrading to version 5.53 or 6.03 or later. Alternatively, and for version 4 users, the following fix can be applied:
1) Open the ForgottenPassword.aspx file in Notepad. This file is in the Mail Enable\bin\NETWebMail\Mondo\lang\[language] folders in version 4 and in Mail Enable\bin\NETWebMail\Mondo\lang\sys in version 5 and 6.
2) Locate and remove the following line, then save the file: document.getElementById("txtUsername").value = '<%= Request.Item("Username") %>';
- Henri Salo
{"id": "SECURITYVULNS:DOC:27554", "bulletinFamily": "software", "title": "ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389", "description": "ME020567: MailEnable webmail cross-site scripting vulnerability (CWE-79)\r\nReferences: CVE-2012-0389\r\nDiscovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah\r\nVendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567\r\nVendor contact: 2012-01-04 09:49:36 UTC\r\nVendor response: 2012-01-04 10:27:13 UTC (Peter Fregon from MailEnable)\r\nVendor fix and announcement: 2012-01-10 00:50:31 UTC\r\n\r\nVulnerability description:\r\n\r\nMailEnable <http://www.mailenable.com/> Professional and Enterprise versions are prone to cross-site scripting vulnerabilities as the user-supplied input received via "Username" parameter of "ForgottonPassword.aspx" page is not properly sanitized. A specially crafted URL which a user clicks could gain access to the users cookies for webmail or execute other malicious code in users browser in context of the domain in use.\r\n\r\nRemote: yes\r\nAuthentication required: no\r\nUser interaction required: yes\r\n\r\nAffected:\r\n\r\n- MailEnable Professional, Enterprise & Premium 4.26 and earlier\r\n- MailEnable Professional, Enterprise & Premium 5.52 and earlier\r\n- MailEnable Professional, Enterprise & Premium 6.02 and earlier\r\n\r\nNot affected:\r\n\r\n- MailEnable Standard is not affected.\r\n\r\nPoC:\r\n\r\nhttp://example.com/mewebmail/Mondo/lang/sys/ForgottenPassword.aspx?Username='};alert(/XSS/);{'\r\n\r\nResolution:\r\n\r\nUsers of MailEnable 5 and 6 can resolve the issue by upgrading to version 5.53 or 6.03 or later. Alternatively, and for version 4 users, the following fix can be applied:\r\n\r\n1) Open the ForgottenPassword.aspx file in Notepad. This file is in the Mail Enable\bin\NETWebMail\Mondo\lang\[language] folders in version 4 and in Mail Enable\bin\NETWebMail\Mondo\lang\sys in version 5 and 6.\r\n2) Locate and remove the following line, then save the file: document.getElementById("txtUsername").value = '<%= Request.Item("Username") %>';\r\n\r\n- Henri Salo\r\n", "published": "2012-01-16T00:00:00", "modified": "2012-01-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27554", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2012-0389"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:43", "edition": 1, "viewCount": 28, "enchantments": {"score": {"value": -0.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0389"]}, {"type": "exploitdb", "idList": ["EDB-ID:18447"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E6563E86D2BA8D51AAF8F54A6B395FF6"]}, {"type": "nessus", "idList": ["MAILENABLE_FORGOTTENPASSWORD_XSS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103388"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:108640"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12142"]}, {"type": "seebug", "idList": ["SSV:72551"]}]}, "backreferences": {"references": [{"type": "canvas", "idList": ["MAILENABLE"]}, {"type": "cve", "idList": ["CVE-2012-0389"]}, {"type": "nessus", "idList": ["MAILENABLE_FORGOTTENPASSWORD_XSS.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12142"]}]}, "exploitation": null, "vulnersScore": -0.4}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659961154, "score": 1659961989}, "_internal": {"score_hash": "21715ae621754a52d7fe3462a14831ee"}}
{"cve": [{"lastseen": "2022-03-23T11:38:18", "description": "Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.", "cvss3": {}, "published": "2012-01-24T18:55:00", "type": "cve", "title": "CVE-2012-0389", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0389"], "modified": "2017-08-29T01:30:00", "cpe": ["cpe:/a:mailenable:mailenable:1.71", "cpe:/a:mailenable:mailenable:1.72", "cpe:/a:mailenable:mailenable:1.21", "cpe:/a:mailenable:mailenable:3.52", "cpe:/a:mailenable:mailenable:5.05", "cpe:/a:mailenable:mailenable:5.07", "cpe:/a:mailenable:mailenable:1.52", "cpe:/a:mailenable:mailenable:1.00", "cpe:/a:mailenable:mailenable:4.13", "cpe:/a:mailenable:mailenable:1.22", "cpe:/a:mailenable:mailenable:1.53", "cpe:/a:mailenable:mailenable:1.73", "cpe:/a:mailenable:mailenable:1.5", "cpe:/a:mailenable:mailenable:3.5", "cpe:/a:mailenable:mailenable:1.77", "cpe:/a:mailenable:mailenable:3.6", "cpe:/a:mailenable:mailenable:4.22", "cpe:/a:mailenable:mailenable:6.01", "cpe:/a:mailenable:mailenable:4.12", "cpe:/a:mailenable:mailenable:1.76", "cpe:/a:mailenable:mailenable:5.52", "cpe:/a:mailenable:mailenable:5.0", "cpe:/a:mailenable:mailenable:1.54", "cpe:/a:mailenable:mailenable:1.78", "cpe:/a:mailenable:mailenable:1.02", "cpe:/a:mailenable:mailenable:1.17", "cpe:/a:mailenable:mailenable:1.1", "cpe:/a:mailenable:mailenable:5.5", "cpe:/a:mailenable:mailenable:3.02", "cpe:/a:mailenable:mailenable:5.06", "cpe:/a:mailenable:mailenable:1.79", "cpe:/a:mailenable:mailenable:1.19", "cpe:/a:mailenable:mailenable:1.2", "cpe:/a:mailenable:mailenable:5.11", "cpe:/a:mailenable:mailenable:4.25", "cpe:/a:mailenable:mailenable:3.14", "cpe:/a:mailenable:mailenable:4.11", "cpe:/a:mailenable:mailenable:1.04", "cpe:/a:mailenable:mailenable:4.14", "cpe:/a:mailenable:mailenable:1.7", "cpe:/a:mailenable:mailenable:1.51", "cpe:/a:mailenable:mailenable:4.16", "cpe:/a:mailenable:mailenable:4.0", "cpe:/a:mailenable:mailenable:1.18", "cpe:/a:mailenable:mailenable:1.26", "cpe:/a:mailenable:mailenable:1.75", "cpe:/a:mailenable:mailenable:3.10", "cpe:/a:mailenable:mailenable:4.17", "cpe:/a:mailenable:mailenable:3.03", "cpe:/a:mailenable:mailenable:4.23", "cpe:/a:mailenable:mailenable:3.51", "cpe:/a:mailenable:mailenable:3.63", "cpe:/a:mailenable:mailenable:3.61", "cpe:/a:mailenable:mailenable:1.01", "cpe:/a:mailenable:mailenable:1.2a", "cpe:/a:mailenable:mailenable:3.62", "cpe:/a:mailenable:mailenable:1.70", "cpe:/a:mailenable:mailenable:5.51", "cpe:/a:mailenable:mailenable:4.1", "cpe:/a:mailenable:mailenable:1.24", "cpe:/a:mailenable:mailenable:3.04", "cpe:/a:mailenable:mailenable:4.2", "cpe:/a:mailenable:mailenable:4.01", "cpe:/a:mailenable:mailenable:3.11", "cpe:/a:mailenable:mailenable:4.15", "cpe:/a:mailenable:mailenable:1.03", "cpe:/a:mailenable:mailenable:5.03", "cpe:/a:mailenable:mailenable:3.53", "cpe:/a:mailenable:mailenable:3.12", "cpe:/a:mailenable:mailenable:5.10", "cpe:/a:mailenable:mailenable:3.0", "cpe:/a:mailenable:mailenable:1.6", "cpe:/a:mailenable:mailenable:4.26", "cpe:/a:mailenable:mailenable:1.25", "cpe:/a:mailenable:mailenable:5.01", "cpe:/a:mailenable:mailenable:3.13", "cpe:/a:mailenable:mailenable:4.24", "cpe:/a:mailenable:mailenable:1.74", "cpe:/a:mailenable:mailenable:1.23", "cpe:/a:mailenable:mailenable:4.21", "cpe:/a:mailenable:mailenable:5.02", "cpe:/a:mailenable:mailenable:6.02", "cpe:/a:mailenable:mailenable:3.01", "cpe:/a:mailenable:mailenable:6.0", "cpe:/a:mailenable:mailenable:5.04"], "id": "CVE-2012-0389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0389", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mailenable:mailenable:1.21:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.1:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.73:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.03:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.07:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.63:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.2:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.5:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.51:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.14:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.02:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.61:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.17:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.0:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.6:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.02:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:6.0:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:6.0:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.13:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.51:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.07:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.0:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.06:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.22:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:6.01:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.1:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.52:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.77:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.05:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.23:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.11:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.01:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.12:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.14:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.51:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.04:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.53:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.25:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.1:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.0:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.26:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.54:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.52:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.63:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.52:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.52:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.04:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:6.02:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.01:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.03:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.15:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.26:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.02:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.25:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.24:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.61:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.62:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.0:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:6.01:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.15:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.00:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.6:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.1:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.02:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.23:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.01:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.10:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.52:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.51:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:6.01:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.01:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.04:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.14:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.12:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.12:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.03:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.76:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.25:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.23:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:6.02:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.53:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.2a:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.11:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.25:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.13:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.5:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.02:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.62:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.01:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.07:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.52:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.2:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.05:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.04:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.2:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.5:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.70:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.11:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.52:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.24:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.10:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.24:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.5:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.7:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.22:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.11:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.04:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.03:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.02:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.78:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.13:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.74:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.75:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.71:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.26:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.06:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.05:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:6.02:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.06:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.23:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.11:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.0:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.01:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.22:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.52:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:6.0:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.01:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.10:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.0:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.51:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.5:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.03:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.16:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.12:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.26:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.14:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.6:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.51:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.13:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.16:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.72:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.17:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.11:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.5:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.18:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.79:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.0:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.01:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.03:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.53:*:professional:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.21:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.11:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.10:*:premium:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.17:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:5.04:*:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.22:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:4.24:-:pro:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:3.10:-:enterprise:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable:1.19:*:professional:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-05-08T19:07:41", "description": "MailEnable is prone to a cross-site scripting vulnerability because it\n fails to properly sanitize user-supplied input.", "cvss3": {}, "published": "2012-01-13T00:00:00", "type": "openvas", "title": "MailEnable 'ForgottonPassword.aspx' Cross Site Scripting Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0389"], "modified": "2020-05-06T00:00:00", "id": "OPENVAS:1361412562310103388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103388", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MailEnable 'ForgottonPassword.aspx' Cross Site Scripting Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103388\");\n script_version(\"2020-05-06T07:10:15+0000\");\n script_bugtraq_id(51401);\n script_cve_id(\"CVE-2012-0389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 07:10:15 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-01-13 10:03:24 +0100 (Fri, 13 Jan 2012)\");\n script_name(\"MailEnable 'ForgottonPassword.aspx' Cross Site Scripting Vulnerability\");\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/51401\");\n script_xref(name:\"URL\", value:\"http://www.mailenable.com/kb/Content/Article.asp?ID=me020567\");\n\n script_tag(name:\"summary\", value:\"MailEnable is prone to a cross-site scripting vulnerability because it\n fails to properly sanitize user-supplied input.\");\n\n script_tag(name:\"impact\", value:\"An attacker may leverage this issue to execute arbitrary script code\n in the browser of an unsuspecting user in the context of the affected\n site. This may allow the attacker to steal cookie-based authentication\n credentials and launch other attacks.\");\n\n script_tag(name:\"affected\", value:\"The following MailEnable versions are vulnerable:\n\n Professional, Enterprise, and Premium 4.26 and prior versions\n\n Professional, Enterprise, and Premium 5.52 and prior versions\n\n Professional, Enterprise, and Premium 6.02 and prior versions\");\n\n script_tag(name:\"solution\", value:\"Vendor updates are available. Please see the references for details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port( default:80 );\nif( ! http_can_host_asp( port:port ) ) exit( 0 );\n\nforeach dir( make_list_unique( \"/mail\", \"/webmail\", http_cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = dir + \"/Mondo/lang/sys/login.aspx\";\n\n if( http_vuln_check( port:port, url:url, pattern:\"<title>MailEnable\" ) ) {\n\n url = dir + \"/Mondo/lang/sys/ForgottenPassword.aspx?Username=></script><script>alert(/xss-test/)</script>\";\n\n if( http_vuln_check( port:port, url:url, pattern:\"<script>alert\\(/xss-test/\\)</script>\", check_header:TRUE ) ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T15:01:04", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "MailEnable Webmail Cross-Site Scripting Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0389"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-72551", "id": "SSV:72551", "sourceData": "\n ME020567: MailEnable webmail cross-site scripting vulnerability (CWE-79)\r\nReferences: CVE-2012-0389\r\nDiscovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah\r\nVendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567\r\nVendor contact: 2012-01-04 09:49:36 UTC\r\nVendor response: 2012-01-04 10:27:13 UTC (Peter Fregon from MailEnable)\r\nVendor fix and announcement: 2012-01-10 00:50:31 UTC\r\n\r\nVulnerability description:\r\n\r\nMailEnable <http://www.mailenable.com/> Professional and Enterprise versions are prone to cross-site scripting vulnerabilities as the user-supplied input received via "Username" parameter of "ForgottonPassword.aspx" page is not properly sanitized. A specially crafted URL which a user clicks could gain access to the users cookies for webmail or execute other malicious code in users browser in context of the domain in use.\r\n\r\nRemote: yes\r\nAuthentication required: no\r\nUser interaction required: yes\r\n\r\nAffected:\r\n\r\n- MailEnable Professional, Enterprise & Premium 4.26 and earlier\r\n- MailEnable Professional, Enterprise & Premium 5.52 and earlier\r\n- MailEnable Professional, Enterprise & Premium 6.02 and earlier\r\n\r\nNot affected:\r\n\r\n- MailEnable Standard is not affected.\r\n\r\nPoC:\r\n\r\nhttp://server/mewebmail/Mondo/lang/sys/ForgottenPassword.aspx?Username='};alert(/XSS/);{'\r\n\r\nResolution:\r\n\r\nUsers of MailEnable 5 and 6 can resolve the issue by upgrading to version 5.53 or 6.03 or later. Alternatively, and for version 4 users, the following fix can be applied:\r\n\r\n1) Open the ForgottenPassword.aspx file in Notepad. This file is in the Mail Enable\\bin\\NETWebMail\\Mondo\\lang\\[language] folders in version 4 and in Mail Enable\\bin\\NETWebMail\\Mondo\\lang\\sys in version 5 and 6.\r\n2) Locate and remove the following line, then save the file: document.getElementById("txtUsername").value = '<%= Request.Item("Username") %>';\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-72551", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2021-06-08T19:03:18", "description": "Crossite scripting in ForgottonPassword.aspx", "edition": 2, "cvss3": {}, "published": "2012-01-16T00:00:00", "title": "MailEnable crossite scripting", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-0389"], "modified": "2012-01-16T00:00:00", "id": "SECURITYVULNS:VULN:12142", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12142", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:30", "description": "\nMailEnable Webmail - Cross-Site Scripting", "edition": 2, "cvss3": {}, "published": "2012-01-13T00:00:00", "title": "MailEnable Webmail - Cross-Site Scripting", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0389"], "modified": "2012-01-13T00:00:00", "id": "EXPLOITPACK:E6563E86D2BA8D51AAF8F54A6B395FF6", "href": "", "sourceData": "ME020567: MailEnable webmail cross-site scripting vulnerability (CWE-79)\nReferences: CVE-2012-0389\nDiscovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah\nVendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567\nVendor contact: 2012-01-04 09:49:36 UTC\nVendor response: 2012-01-04 10:27:13 UTC (Peter Fregon from MailEnable)\nVendor fix and announcement: 2012-01-10 00:50:31 UTC\n\nVulnerability description:\n\nMailEnable <http://www.mailenable.com/> Professional and Enterprise versions are prone to cross-site scripting vulnerabilities as the user-supplied input received via \"Username\" parameter of \"ForgottonPassword.aspx\" page is not properly sanitized. A specially crafted URL which a user clicks could gain access to the users cookies for webmail or execute other malicious code in users browser in context of the domain in use.\n\nRemote: yes\nAuthentication required: no\nUser interaction required: yes\n\nAffected:\n\n- MailEnable Professional, Enterprise & Premium 4.26 and earlier\n- MailEnable Professional, Enterprise & Premium 5.52 and earlier\n- MailEnable Professional, Enterprise & Premium 6.02 and earlier\n\nNot affected:\n\n- MailEnable Standard is not affected.\n\nPoC:\n\nhttp://server/mewebmail/Mondo/lang/sys/ForgottenPassword.aspx?Username='};alert(/XSS/);{'\n\nResolution:\n\nUsers of MailEnable 5 and 6 can resolve the issue by upgrading to version 5.53 or 6.03 or later. Alternatively, and for version 4 users, the following fix can be applied:\n\n1) Open the ForgottenPassword.aspx file in Notepad. This file is in the Mail Enable\\bin\\NETWebMail\\Mondo\\lang\\[language] folders in version 4 and in Mail Enable\\bin\\NETWebMail\\Mondo\\lang\\sys in version 5 and 6.\n2) Locate and remove the following line, then save the file: document.getElementById(\"txtUsername\").value = '<%= Request.Item(\"Username\") %>';", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2022-04-12T15:04:25", "description": "The webmail client bundled with MailEnable is affected by a cross-site scripting vulnerability in the ForgottenPassword.aspx script. The 'Username' parameter fails to properly sanitize user- supplied input. Successful exploitation would allow an attacker to steal cookies used for webmail access.", "cvss3": {"score": null, "vector": null}, "published": "2012-06-19T00:00:00", "type": "nessus", "title": "MailEnable ForgottenPassword.aspx Username Parameter XSS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0389"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mailenable:mailenable"], "id": "MAILENABLE_FORGOTTENPASSWORD_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/59569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59569);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2012-0389\");\n script_bugtraq_id(51401);\n script_xref(name:\"EDB-ID\", value:\"18447\");\n\n script_name(english:\"MailEnable ForgottenPassword.aspx Username Parameter XSS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts an application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The webmail client bundled with MailEnable is affected by a\ncross-site scripting vulnerability in the ForgottenPassword.aspx\nscript. The 'Username' parameter fails to properly sanitize user-\nsupplied input. Successful exploitation would allow an attacker to\nsteal cookies used for webmail access.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nerv.fi/CVE-2012-0389.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.mailenable.com/kb/Content/Article.asp?ID=me020567\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MailEnable 5.53 / 6.03 or later.\n\nAlternatively, those with MailEnable 4 can apply the fix provided in\nthe referenced URL.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mailenable:mailenable\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mailenable_webmail_detect.nasl\");\n script_require_keys(\"www/mailenable_webmail\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\ninclude(\"url_func.inc\");\n\nport = get_http_port(default:80);\n\ninstall = get_install_from_kb(appname:\"mailenable_webmail\", port:port, exit_on_fail:TRUE);\ndir = install[\"dir\"];\ndir = ereg_replace(pattern:\"^(.*)/[^/]+\\.aspx\", replace:\"\\1\", string:dir);\n\n# Version 4.x will timeout when accessing ForgottenPassword.aspx\n# unless we first establish a new session.\nnew_session = http_send_recv3(method:\"GET\", item:install[\"dir\"], port:port, exit_on_fail:TRUE);\n\n# Versions 4.x\nif ('ForgottenPassword.aspx?Username=\"' >< new_session[2])\n{\n xss_test = '\"};alert(/' + SCRIPT_NAME + '-' + unixtime() + '/);{\"';\n}\n# Versions 5.x/6.x\nelse xss_test = \"'};alert(/\" + SCRIPT_NAME + \"-\" + unixtime() + \"/);{'\";\n\nexploit = test_cgi_xss(\n port : port,\n dirs : make_list(dir),\n cgi : \"/forgottenpassword.aspx\",\n qs : 'username=' + urlencode(str:xss_test),\n pass_str : xss_test,\n pass_re : 'function PageLoad()',\n silent : TRUE\n);\nif (exploit)\n{\n if (report_verbosity > 0)\n { \n report = \n '\\n' + 'Nessus was able to exploit the issue using the following sequence of' +\n '\\n' + 'URLs :' +\n '\\n' +\n '\\n ' + build_url(port:port, qs:install[\"dir\"]) +\n '\\n ' + build_url(port:port, qs:dir+\"/forgottenpassword.aspx?Username=\"+urlencode(str:xss_test)) +\n '\\n';\n }\n security_warning(port:port, extra:report);\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, \"MailEnable WebMail\", build_url(qs:install[\"dir\"], port:port));\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2016-12-05T22:12:25", "description": "", "cvss3": {}, "published": "2012-01-13T00:00:00", "type": "packetstorm", "title": "MailEnable Webmail Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0389"], "modified": "2012-01-13T00:00:00", "id": "PACKETSTORM:108640", "href": "https://packetstormsecurity.com/files/108640/MailEnable-Webmail-Cross-Site-Scripting.html", "sourceData": "`ME020567: MailEnable webmail cross-site scripting vulnerability (CWE-79) \nReferences: CVE-2012-0389 \nDiscovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah \nVendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 \nVendor contact: 2012-01-04 09:49:36 UTC \nVendor response: 2012-01-04 10:27:13 UTC (Peter Fregon from MailEnable) \nVendor fix and announcement: 2012-01-10 00:50:31 UTC \n \nVulnerability description: \n \nMailEnable <http://www.mailenable.com/> Professional and Enterprise versions are prone to cross-site scripting vulnerabilities as the user-supplied input received via \"Username\" parameter of \"ForgottonPassword.aspx\" page is not properly sanitized. A specially crafted URL which a user clicks could gain access to the users cookies for webmail or execute other malicious code in users browser in context of the domain in use. \n \nRemote: yes \nAuthentication required: no \nUser interaction required: yes \n \nAffected: \n \n- MailEnable Professional, Enterprise & Premium 4.26 and earlier \n- MailEnable Professional, Enterprise & Premium 5.52 and earlier \n- MailEnable Professional, Enterprise & Premium 6.02 and earlier \n \nNot affected: \n \n- MailEnable Standard is not affected. \n \nPoC: \n \nhttp://example.com/mewebmail/Mondo/lang/sys/ForgottenPassword.aspx?Username='};alert(/XSS/);{' \n \nResolution: \n \nUsers of MailEnable 5 and 6 can resolve the issue by upgrading to version 5.53 or 6.03 or later. Alternatively, and for version 4 users, the following fix can be applied: \n \n1) Open the ForgottenPassword.aspx file in Notepad. This file is in the Mail Enable\\bin\\NETWebMail\\Mondo\\lang\\[language] folders in version 4 and in Mail Enable\\bin\\NETWebMail\\Mondo\\lang\\sys in version 5 and 6. \n2) Locate and remove the following line, then save the file: document.getElementById(\"txtUsername\").value = '<%= Request.Item(\"Username\") %>'; \n \n- Henri Salo \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/108640/ME020567.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2022-08-16T09:07:32", "description": "", "cvss3": {}, "published": "2012-01-13T00:00:00", "type": "exploitdb", "title": "MailEnable Webmail - Cross-Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["2012-0389", "CVE-2012-0389"], "modified": "2012-01-13T00:00:00", "id": "EDB-ID:18447", "href": "https://www.exploit-db.com/exploits/18447", "sourceData": "ME020567: MailEnable webmail cross-site scripting vulnerability (CWE-79)\r\nReferences: CVE-2012-0389\r\nDiscovered by: Sajjad Pourali, Narendra Shinde and Shahab NamaziKhah\r\nVendor advisory: http://www.mailenable.com/kb/Content/Article.asp?ID=me020567\r\nVendor contact: 2012-01-04 09:49:36 UTC\r\nVendor response: 2012-01-04 10:27:13 UTC (Peter Fregon from MailEnable)\r\nVendor fix and announcement: 2012-01-10 00:50:31 UTC\r\n\r\nVulnerability description:\r\n\r\nMailEnable <http://www.mailenable.com/> Professional and Enterprise versions are prone to cross-site scripting vulnerabilities as the user-supplied input received via \"Username\" parameter of \"ForgottonPassword.aspx\" page is not properly sanitized. A specially crafted URL which a user clicks could gain access to the users cookies for webmail or execute other malicious code in users browser in context of the domain in use.\r\n\r\nRemote: yes\r\nAuthentication required: no\r\nUser interaction required: yes\r\n\r\nAffected:\r\n\r\n- MailEnable Professional, Enterprise & Premium 4.26 and earlier\r\n- MailEnable Professional, Enterprise & Premium 5.52 and earlier\r\n- MailEnable Professional, Enterprise & Premium 6.02 and earlier\r\n\r\nNot affected:\r\n\r\n- MailEnable Standard is not affected.\r\n\r\nPoC:\r\n\r\nhttp://server/mewebmail/Mondo/lang/sys/ForgottenPassword.aspx?Username='};alert(/XSS/);{'\r\n\r\nResolution:\r\n\r\nUsers of MailEnable 5 and 6 can resolve the issue by upgrading to version 5.53 or 6.03 or later. Alternatively, and for version 4 users, the following fix can be applied:\r\n\r\n1) Open the ForgottenPassword.aspx file in Notepad. This file is in the Mail Enable\\bin\\NETWebMail\\Mondo\\lang\\[language] folders in version 4 and in Mail Enable\\bin\\NETWebMail\\Mondo\\lang\\sys in version 5 and 6.\r\n2) Locate and remove the following line, then save the file: document.getElementById(\"txtUsername\").value = '<%= Request.Item(\"Username\") %>';", "sourceHref": "https://www.exploit-db.com/download/18447", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}