Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailenable | Mailenable Professional | 1.0.004 |
References
- http://osvdb.org/33188
- http://osvdb.org/33189
- http://osvdb.org/33190
- http://secunia.com/advisories/23998PatchVendor Advisory
- http://secunia.com/secunia_research/2007-38/advisory/PatchVendor Advisory
- http://securityreason.com/securityalert/2258
- http://www.mailenable.com/Professional20-ReleaseNotes.txt
- http://www.securityfocus.com/archive/1/460063/100/0/threaded
- http://www.securityfocus.com/bid/22554
- http://www.vupen.com/english/advisories/2007/0595
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32476
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32480
- http://osvdb.org/33188
- http://osvdb.org/33189
- http://osvdb.org/33190
FAQ
What is CVE-2007-0651?
CVE-2007-0651 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter...
How severe is CVE-2007-0651?
CVE-2007-0651 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0651?
Check the references section above for vendor advisories and patch information. Affected products include: Mailenable Mailenable Professional.