CVE-2026-23610
- EPSS 0.04%
- Published 19.02.2026 18:24:55
- Last modified 20.02.2026 17:29:47
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the POP3 server login field within the JSON "popServers...
CVE-2026-23611
- EPSS 0.04%
- Published 19.02.2026 18:24:55
- Last modified 20.02.2026 17:29:36
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtIPDescription parameter to ...
CVE-2026-23612
- EPSS 0.04%
- Published 19.02.2026 18:24:55
- Last modified 20.02.2026 17:29:28
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_IPs parameter to /M...
CVE-2026-23604
- EPSS 0.04%
- Published 19.02.2026 18:24:54
- Last modified 20.02.2026 17:32:18
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName param...
CVE-2026-23605
- EPSS 0.04%
- Published 19.02.2026 18:24:54
- Last modified 20.02.2026 17:30:35
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName pa...
CVE-2026-23606
- EPSS 0.04%
- Published 19.02.2026 18:24:54
- Last modified 20.02.2026 17:30:27
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleNa...
CVE-2026-23607
- EPSS 0.04%
- Published 19.02.2026 18:24:54
- Last modified 20.02.2026 17:30:18
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtDescription par...
CVE-2026-23621
- EPSS 0.04%
- Published 19.02.2026 18:01:03
- Last modified 20.02.2026 17:21:44
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated use...
CVE-2025-34491
- EPSS 1.16%
- Published 28.04.2025 19:20:02
- Last modified 04.11.2025 23:15:37
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining a Multi-Server setup.
CVE-2025-34490
- EPSS 0.13%
- Published 28.04.2025 19:15:47
- Last modified 04.11.2025 23:15:36
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.