Gfi

Mailessentials

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-23620

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:57
  • Zuletzt bearbeitet 20.02.2026 17:22:08

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can sup...

5.4

CVE-2026-23617

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:57
  • Zuletzt bearbeitet 20.02.2026 17:28:16

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Body) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXB...

5.4

CVE-2026-23616

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:57
  • Zuletzt bearbeitet 20.02.2026 17:28:51

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDe...

5.4

CVE-2026-23618

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:57
  • Zuletzt bearbeitet 20.02.2026 17:27:59

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Subject) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$...

5.4

CVE-2026-23619

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:57
  • Zuletzt bearbeitet 20.02.2026 17:22:28

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /Ma...

5.4

CVE-2026-23613

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:56
  • Zuletzt bearbeitet 20.02.2026 17:29:21

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the URI DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_URIs parameter to ...

5.4

CVE-2026-23614

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:56
  • Zuletzt bearbeitet 20.02.2026 17:29:13

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework IP Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv2$txtIPDescri...

5.4

CVE-2026-23615

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:56
  • Zuletzt bearbeitet 20.02.2026 17:29:05

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv4$txtEmail...

5.4

CVE-2026-23608

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:55
  • Zuletzt bearbeitet 20.02.2026 17:30:10

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON \"name\" field to /MailEssentials/pages/MailS...

5.4

CVE-2026-23609

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 18:24:55
  • Zuletzt bearbeitet 20.02.2026 17:29:57

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription pa...