Vulnerabilities (CVE)

Filtered by vendor Mailenable

Filtered by product Mailenable

Total 46 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-12924	1 Mailenable	1 Mailenable	2024-11-21	5.0 MEDIUM	9.8 CRITICAL
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).
CVE-2019-12923	1 Mailenable	1 Mailenable	2024-11-21	4.3 MEDIUM	6.5 MEDIUM
In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker.
CVE-2015-9280	1 Mailenable	1 Mailenable	2024-11-21	5.0 MEDIUM	10.0 CRITICAL
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
CVE-2015-9279	1 Mailenable	1 Mailenable	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.
CVE-2015-9278	1 Mailenable	1 Mailenable	2024-11-21	5.0 MEDIUM	9.8 CRITICAL
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
CVE-2015-9277	1 Mailenable	1 Mailenable	2024-11-21	7.5 HIGH	9.1 CRITICAL
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.