Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0389

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-0389
Last Modified 16 Feb 2012 11:11:11
Published 24 Jan 2012 01:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0389

Summary

Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.

Vulnerable Systems

Application

  • Mailenable 1.00

  • Mailenable 1.01

  • Mailenable 1.02

  • Mailenable 1.03

  • Mailenable 1.04

  • Mailenable 1.1

  • Mailenable 1.17

  • Mailenable 1.18

  • Mailenable 1.19

  • Mailenable 1.2

  • Mailenable 1.21

  • Mailenable 1.22

  • Mailenable 1.23

  • Mailenable 1.24

  • Mailenable 1.25

  • Mailenable 1.26

  • Mailenable 1.2a

  • Mailenable 1.5

  • Mailenable 1.51

  • Mailenable 1.52

  • Mailenable 1.53

  • Mailenable 1.54

  • Mailenable 1.6

  • Mailenable 1.7

  • Mailenable 1.70

  • Mailenable 1.71

  • Mailenable 1.72

  • Mailenable 1.73

  • Mailenable 1.74

  • Mailenable 1.75

  • Mailenable 1.76

  • Mailenable 1.77

  • Mailenable 1.78

  • Mailenable 1.79

  • Mailenable 3.0

  • Mailenable 3.01

  • Mailenable 3.02

  • Mailenable 3.03

  • Mailenable 3.04

  • Mailenable 3.10

  • Mailenable 3.11

  • Mailenable 3.12

  • Mailenable 3.13

  • Mailenable 3.14

  • Mailenable 3.5

  • Mailenable 3.51

  • Mailenable 3.52

  • Mailenable 3.53

  • Mailenable 3.6

  • Mailenable 3.61

  • Mailenable 3.62

  • Mailenable 3.63

  • Mailenable 4.0

  • Mailenable 4.01

  • Mailenable 4.1

  • Mailenable 4.11

  • Mailenable 4.12

  • Mailenable 4.13

  • Mailenable 4.14

  • Mailenable 4.15

  • Mailenable 4.16

  • Mailenable 4.17

  • Mailenable 4.2

  • Mailenable 4.21

  • Mailenable 4.22

  • Mailenable 4.23

  • Mailenable 4.24

  • Mailenable 4.25

  • Mailenable 4.26

  • Mailenable 5.0

  • Mailenable 5.01

  • Mailenable 5.02

  • Mailenable 5.03

  • Mailenable 5.04

  • Mailenable 5.05

  • Mailenable 5.06

  • Mailenable 5.07

  • Mailenable 5.10

  • Mailenable 5.11

  • Mailenable 5.5

  • Mailenable 5.51

  • Mailenable 5.52

  • Mailenable 6.0

  • Mailenable 6.01

  • Mailenable 6.02


References

XF - mailenable-forgottenpassword-xss(72380)

SECTRACK - 1026519

BID - 51401

MISC - http://www.nerv.fi/CVE-2012-0389.txt

CONFIRM - http://www.mailenable.com/kb/Content/Article.asp?ID=me020567

SECUNIA - 47562

SECUNIA - 47518

OSVDB - 78242

BUGTRAQ - 20120112 ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389

EXPLOIT-DB - 18447


Last Updated: 27 May 2016 10:58:06