MailEnable.Webmail.XSS
Description
This indicates an attack attempt against a Cross Site Scripting vulnerability in MailEnable Webmail.
The vulnerability is caused because the user input filters fail to properly sanitize the Username parameter value that is passed to "ForgottonPassword.aspx". It may allow an attacker to inject arbitrary javascript code on a vulnerable system.
Affected Products
MailEnable Professional, Enterprise & Premium 4.26 and earlier
MailEnable Professional, Enterprise & Premium 5.x before 5.53
MailEnable Professional, Enterprise & Premium 6.x before 6.03
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version, available from the web site.
http://www.mailenable.com/download.asp
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |