Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2007-0651
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 4.3/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- None
- Integrity Impact
- Partial
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:mailenable:mailenable_professional:1.107:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.14:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:2.33:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.101:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.52:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.15:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.115:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.17:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.106:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.007:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.111:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.108:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.18:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.116:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.5:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.114:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.016:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.83:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.011:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.102:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.006:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.008:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.005:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.19:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.82:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.014:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.010:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:2.0:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.2a:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:2.35:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.012:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.109:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.51:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.017:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:2.34:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.113:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:2.32:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.54:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.16:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.105:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.2:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.013:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.12:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.015:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.13:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:2.2:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.104:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.110:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.84:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.112:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.53:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:2.351:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:2.1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.0.009:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:mailenable:mailenable_professional:1.1:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://secunia.com/secunia_research/2007-38/advisory/
- http://www.mailenable.com/Professional20-ReleaseNotes.txt
- http://www.securityfocus.com/bid/22554
- http://secunia.com/advisories/23998
- http://securityreason.com/securityalert/2258
- http://osvdb.org/33189
- http://osvdb.org/33190
- http://osvdb.org/33188
- http://www.vupen.com/english/advisories/2007/0595
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32480
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32476
- http://www.securityfocus.com/archive/1/460063/100/0/threaded