Description
MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability.
References
- Release Notes (Vendor Advisory)
- Release Notes (Third Party Advisory)
- Release Notes (Vendor Advisory)
- Release Notes (Third Party Advisory)
Vulnerable configurations
Configuration 1
- Version from 6.0 (inclusive) to 6.90 (exclusive)
- Version from 7.0 (inclusive) to 7.62 (exclusive)
- Version from 8.00 (inclusive) to 8.64 (exclusive)
- Version from 9.0 (inclusive) to 9.83 (exclusive)
- Version from 10.00 (inclusive) to 10.24 (exclusive)
One of
cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*
cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*
cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*
cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*
cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*
EPSS: 0.0011 (percentile: 30%, Low)
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.1
github
more than 3 years ago
MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability.
EPSS: 0.0011 (percentile: 30%, Low)
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-79