CVE-2012-0389

MailEnable <6.03 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Sajjad Pourali · text · webapps · asp
https://www.exploit-db.com/exploits/18447
exploitdb WRITEUP VERIFIED
by Sajjad Pourali · text · webapps · asp
https://www.exploit-db.com/exploits/36547

Scores

EPSS 0.3384
EPSS Percentile 96.9%

Classification

CWE
CWE-79
Status published

Affected Products (50)

mailenable/mailenable < 4.26
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
mailenable/mailenable
... and 35 more

Timeline

Published Jan 24, 2012
Tracked Since Feb 18, 2026