CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mailenable: >> Mailenable Professional >> 2.351 Security Vulnerabilities

CVE-2007-0651

Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.

CVSS Score

4.3

EPSS Score

0.028

Published

2007-02-15

CVE-2007-0652

Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.

CVSS Score

5.1

EPSS Score

0.021

Published

2007-02-15

Page 1

Vulnerabilities

Vulnerable Software

Mailenable: >> Mailenable Professional >> 2.351 Security Vulnerabilities

Products

Pricing

Contact Us