MailEnable.Webmail.XSS

description-logoDescription

This indicates an attack attempt against a Cross Site Scripting vulnerability in MailEnable Webmail.
The vulnerability is caused because the user input filters fail to properly sanitize the Username parameter value that is passed to "ForgottonPassword.aspx". It may allow an attacker to inject arbitrary javascript code on a vulnerable system.

affected-products-logoAffected Products

MailEnable Professional, Enterprise & Premium 4.26 and earlier
MailEnable Professional, Enterprise & Premium 5.x before 5.53
MailEnable Professional, Enterprise & Premium 6.x before 6.03

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from the web site.
http://www.mailenable.com/download.asp

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)