CVE-2012-0389

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-0389
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html Exploit
http://osvdb.org/78242
http://secunia.com/advisories/47518 Vendor Advisory
http://secunia.com/advisories/47562 Vendor Advisory
http://www.exploit-db.com/exploits/18447
http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 Patch Vendor Advisory
http://www.nerv.fi/CVE-2012-0389.txt Exploit
http://www.securityfocus.com/bid/51401 Exploit
http://www.securitytracker.com/id?1026519 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72380
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mailenable:mailenable:*:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.2:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.2a:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.5:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.6:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.7:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.17:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.18:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.19:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.51:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.52:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.53:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.54:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.70:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.71:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.72:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.73:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.74:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.75:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.76:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.77:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.78:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.79:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.0:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.01:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.02:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.03:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.04:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.5:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.6:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.10:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.11:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.12:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.13:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.14:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.51:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.52:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.52:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.53:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.61:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.62:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.63:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.0:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.1:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.01:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.11:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.12:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.13:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.14:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.15:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.16:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.17:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.22:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.23:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.24:-:pro:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.25:-:pro:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:mailenable:mailenable:*:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.00:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.1:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.01:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.02:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.2:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.03:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.04:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.21:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.22:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.23:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.24:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.25:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:1.26:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.01:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.02:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.03:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.04:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.5:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.6:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.10:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.11:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.12:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.13:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.14:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.51:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.52:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.52:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.53:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.61:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.62:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:3.63:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.01:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.1:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.11:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.12:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.13:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.14:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.15:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.16:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.17:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.22:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.23:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.24:-:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.25:-:enterprise:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:mailenable:mailenable:*:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.1:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.2:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.21:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.22:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.23:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.24:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:4.25:*:premium:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:mailenable:mailenable:5.0:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.01:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.02:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.03:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.04:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.5:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.05:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.06:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.07:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.10:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.11:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.51:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.52:*:professional:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:mailenable:mailenable:5.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.01:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.02:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.03:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.04:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.5:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.05:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.06:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.07:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.10:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.11:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.51:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.52:*:enterprise:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:mailenable:mailenable:5.0:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.01:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.02:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.03:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.04:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.05:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.5:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.06:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.07:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.10:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.11:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.51:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:5.52:*:premium:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:mailenable:mailenable:6.0:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:6.01:*:professional:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:6.02:*:professional:*:*:*:*:*

Configuration 8 (hide)

OR cpe:2.3:a:mailenable:mailenable:6.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:6.01:*:enterprise:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:6.02:*:enterprise:*:*:*:*:*

Configuration 9 (hide)

OR cpe:2.3:a:mailenable:mailenable:6.0:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:6.01:*:premium:*:*:*:*:*
cpe:2.3:a:mailenable:mailenable:6.02:*:premium:*:*:*:*:*
History

No history.

Information

Published : 2012-01-24 18:55

Updated : 2024-02-04 17:54

NVD link : CVE-2012-0389

Mitre link : CVE-2012-0389

CVE.ORG link : CVE-2012-0389

JSON object : View

Products Affected

mailenable

  • mailenable
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')