CVE-2012-0389

MailEnable <6.03 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Sajjad Pourali · text · webapps · asp
https://www.exploit-db.com/exploits/18447
exploitdb WRITEUP VERIFIED
by Sajjad Pourali · text · webapps · asp
https://www.exploit-db.com/exploits/36547

References (10)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47518
Exploit vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026519
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51401
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/78242
Exploit x_refsource_misc
http://www.nerv.fi/CVE-2012-0389.txt
Patch, Vendor Advisory x_refsource_confirm
http://www.mailenable.com/kb/Content/Article.asp?ID=me020567
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72380
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47562
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18447

Scores

EPSS 0.3384
EPSS Percentile 97.0%

Details

CWE
CWE-79
Status published
Products (49)
mailenable/mailenable 1.2
mailenable/mailenable 1.2a
mailenable/mailenable 1.5
mailenable/mailenable 1.6
mailenable/mailenable 1.7
mailenable/mailenable 1.17
mailenable/mailenable 1.18
mailenable/mailenable 1.19
mailenable/mailenable 1.51
mailenable/mailenable 1.52
... and 39 more
Published Jan 24, 2012
Tracked Since Feb 18, 2026