CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-23610

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the POP3 server login field within the JSON \"popServers\" payload to /MailEssentials/pages/MailSecurity/POP2Exchange.aspx/Save, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.5%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2026-23610

Gfi » Mailessentials » Version: 20

cpe:2.3:a:gfi:mailessentials:20
Gfi » Mailessentials » Version: 20.1

cpe:2.3:a:gfi:mailessentials:20.1
Gfi » Mailessentials » Version: 20.2

cpe:2.3:a:gfi:mailessentials:20.2
Gfi » Mailessentials » Version: 20.3

cpe:2.3:a:gfi:mailessentials:20.3
Gfi » Mailessentials » Version: 21.0

cpe:2.3:a:gfi:mailessentials:21.0
Gfi » Mailessentials » Version: 21.1

cpe:2.3:a:gfi:mailessentials:21.1
Gfi » Mailessentials » Version: 21.2

cpe:2.3:a:gfi:mailessentials:21.2
Gfi » Mailessentials » Version: 21.3

cpe:2.3:a:gfi:mailessentials:21.3
Gfi » Mailessentials » Version: 21.4

cpe:2.3:a:gfi:mailessentials:21.4
Gfi » Mailessentials » Version: 21.5

cpe:2.3:a:gfi:mailessentials:21.5
Gfi » Mailessentials » Version: 21.6

cpe:2.3:a:gfi:mailessentials:21.6
Gfi » Mailessentials » Version: 21.7

cpe:2.3:a:gfi:mailessentials:21.7
Gfi » Mailessentials » Version: 21.8

cpe:2.3:a:gfi:mailessentials:21.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-23610

Products

Pricing

Contact Us