4.3

CVE-2007-0651

EPSS 2.77%
Veröffentlicht 15.02.2007 23:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle PSIRT-CNA@flexerasoftware.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mailenable ≫ Mailenable Professional Version1.0.004

Mailenable ≫ Mailenable Professional Version1.0.005

Mailenable ≫ Mailenable Professional Version1.0.006

Mailenable ≫ Mailenable Professional Version1.0.007

Mailenable ≫ Mailenable Professional Version1.0.008

Mailenable ≫ Mailenable Professional Version1.0.009

Mailenable ≫ Mailenable Professional Version1.0.010

Mailenable ≫ Mailenable Professional Version1.0.011

Mailenable ≫ Mailenable Professional Version1.0.012

Mailenable ≫ Mailenable Professional Version1.0.013

Mailenable ≫ Mailenable Professional Version1.0.014

Mailenable ≫ Mailenable Professional Version1.0.015

Mailenable ≫ Mailenable Professional Version1.0.016

Mailenable ≫ Mailenable Professional Version1.0.017

Mailenable ≫ Mailenable Professional Version1.1

Mailenable ≫ Mailenable Professional Version1.2

Mailenable ≫ Mailenable Professional Version1.2a

Mailenable ≫ Mailenable Professional Version1.5

Mailenable ≫ Mailenable Professional Version1.6

Mailenable ≫ Mailenable Professional Version1.7

Mailenable ≫ Mailenable Professional Version1.12

Mailenable ≫ Mailenable Professional Version1.13

Mailenable ≫ Mailenable Professional Version1.14

Mailenable ≫ Mailenable Professional Version1.15

Mailenable ≫ Mailenable Professional Version1.16

Mailenable ≫ Mailenable Professional Version1.17

Mailenable ≫ Mailenable Professional Version1.18

Mailenable ≫ Mailenable Professional Version1.19

Mailenable ≫ Mailenable Professional Version1.51

Mailenable ≫ Mailenable Professional Version1.52

Mailenable ≫ Mailenable Professional Version1.53

Mailenable ≫ Mailenable Professional Version1.54

Mailenable ≫ Mailenable Professional Version1.72

Mailenable ≫ Mailenable Professional Version1.73

Mailenable ≫ Mailenable Professional Version1.82

Mailenable ≫ Mailenable Professional Version1.83

Mailenable ≫ Mailenable Professional Version1.84

Mailenable ≫ Mailenable Professional Version1.101

Mailenable ≫ Mailenable Professional Version1.102

Mailenable ≫ Mailenable Professional Version1.103

Mailenable ≫ Mailenable Professional Version1.104

Mailenable ≫ Mailenable Professional Version1.105

Mailenable ≫ Mailenable Professional Version1.106

Mailenable ≫ Mailenable Professional Version1.107

Mailenable ≫ Mailenable Professional Version1.108

Mailenable ≫ Mailenable Professional Version1.109

Mailenable ≫ Mailenable Professional Version1.110

Mailenable ≫ Mailenable Professional Version1.111

Mailenable ≫ Mailenable Professional Version1.112

Mailenable ≫ Mailenable Professional Version1.113

Mailenable ≫ Mailenable Professional Version1.114

Mailenable ≫ Mailenable Professional Version1.115

Mailenable ≫ Mailenable Professional Version1.116

Mailenable ≫ Mailenable Professional Version2.0

Mailenable ≫ Mailenable Professional Version2.1

Mailenable ≫ Mailenable Professional Version2.2

Mailenable ≫ Mailenable Professional Version2.32

Mailenable ≫ Mailenable Professional Version2.33

Mailenable ≫ Mailenable Professional Version2.34

Mailenable ≫ Mailenable Professional Version2.35

Mailenable ≫ Mailenable Professional Version2.351

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.77%	0.855

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://osvdb.org/33188

http://osvdb.org/33189

http://osvdb.org/33190

http://secunia.com/advisories/23998

Patch

Vendor Advisory

http://secunia.com/secunia_research/2007-38/advisory/

Patch

Vendor Advisory

http://securityreason.com/securityalert/2258

http://www.mailenable.com/Professional20-ReleaseNotes.txt

http://www.securityfocus.com/archive/1/460063/100/0/threaded

http://www.securityfocus.com/bid/22554

http://www.vupen.com/english/advisories/2007/0595

https://exchange.xforce.ibmcloud.com/vulnerabilities/32476

https://exchange.xforce.ibmcloud.com/vulnerabilities/32480

https://nvd.nist.gov/vuln/detail/CVE-2007-0651

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0651

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0651

EUVD