CVE-2012-0389

Опубликовано: 24 янв. 2012

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html
Exploit
http://osvdb.org/78242
http://secunia.com/advisories/47518
Vendor Advisory
http://secunia.com/advisories/47562
Vendor Advisory
http://www.exploit-db.com/exploits/18447
http://www.mailenable.com/kb/Content/Article.asp?ID=me020567
Patch
Vendor Advisory
http://www.nerv.fi/CVE-2012-0389.txt
Exploit
http://www.securityfocus.com/bid/51401
Exploit
http://www.securitytracker.com/id?1026519
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72380
http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html
Exploit
http://osvdb.org/78242
http://secunia.com/advisories/47518
Vendor Advisory
http://secunia.com/advisories/47562
Vendor Advisory
http://www.exploit-db.com/exploits/18447
http://www.mailenable.com/kb/Content/Article.asp?ID=me020567
Patch
Vendor Advisory
http://www.nerv.fi/CVE-2012-0389.txt
Exploit
http://www.securityfocus.com/bid/51401
Exploit
http://www.securitytracker.com/id?1026519
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72380

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mailenable:mailenable:*:-:pro:*:*:*:*:*

Версия до 4.26 (включая)

cpe:2.3:a:mailenable:mailenable:1.2:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.2a:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.5:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.6:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.7:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.17:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.18:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.19:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.51:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.52:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.53:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.54:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.70:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.71:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.72:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.73:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.74:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.75:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.76:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.77:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.78:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.79:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.0:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.01:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.02:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.03:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.04:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.5:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.6:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.10:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.11:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.12:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.13:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.14:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.51:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.52:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.52:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.53:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.61:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.62:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.63:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.0:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.1:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.01:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.11:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.12:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.13:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.14:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.15:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.16:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.17:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.22:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.23:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.24:-:pro:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.25:-:pro:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:mailenable:mailenable:*:-:enterprise:*:*:*:*:*

Версия до 4.26 (включая)

cpe:2.3:a:mailenable:mailenable:1.00:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.1:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.01:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.02:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.2:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.03:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.04:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.21:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.22:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.23:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.24:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.25:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:1.26:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.0:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.01:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.02:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.03:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.04:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.5:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.6:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.10:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.11:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.12:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.13:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.14:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.51:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.52:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.52:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.53:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.61:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.62:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:3.63:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.0:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.01:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.1:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.11:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.12:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.13:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.14:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.15:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.16:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.17:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.22:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.23:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.24:-:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.25:-:enterprise:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:mailenable:mailenable:*:*:premium:*:*:*:*:*

Версия до 4.26 (включая)

cpe:2.3:a:mailenable:mailenable:4.1:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.2:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.21:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.22:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.23:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.24:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:4.25:*:premium:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:mailenable:mailenable:5.0:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.01:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.02:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.03:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.04:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.5:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.05:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.06:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.07:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.10:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.11:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.51:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.52:*:professional:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:mailenable:mailenable:5.0:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.01:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.02:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.03:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.04:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.5:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.05:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.06:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.07:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.10:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.11:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.51:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.52:*:enterprise:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:a:mailenable:mailenable:5.0:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.01:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.02:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.03:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.04:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.05:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.5:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.06:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.07:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.10:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.11:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.51:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:5.52:*:premium:*:*:*:*:*

Конфигурация 7

Одно из

cpe:2.3:a:mailenable:mailenable:6.0:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:6.01:*:professional:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:6.02:*:professional:*:*:*:*:*

Конфигурация 8

Одно из

cpe:2.3:a:mailenable:mailenable:6.0:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:6.01:*:enterprise:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:6.02:*:enterprise:*:*:*:*:*

Конфигурация 9

Одно из

cpe:2.3:a:mailenable:mailenable:6.0:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:6.01:*:premium:*:*:*:*:*

cpe:2.3:a:mailenable:mailenable:6.02:*:premium:*:*:*:*:*

EPSS

Процентиль: 97%

0.33839

Средний

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-757w-c3r7-cxpp

github

почти 4 года назад

EPSS

Процентиль: 97%

0.33839

Средний

4.3 Medium

CVSS2

Дефекты

CWE-79