Описание
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.005:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.006:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.007:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.008:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.009:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.010:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.011:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.012:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.013:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.014:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.015:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.016:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.0.017:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.2a:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.12:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.13:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.14:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.15:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.16:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.17:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.18:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.19:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.51:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.52:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.53:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.54:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.82:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.83:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.84:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.101:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.102:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.104:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.105:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.106:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.107:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.108:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.109:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.110:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.111:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.112:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.113:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.114:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.115:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:1.116:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:2.1:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:2.2:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:2.32:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:2.33:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:2.34:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:2.35:*:*:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable_professional:2.351:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.0277
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
EPSS
Процентиль: 86%
0.0277
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other