Intrusion Prevention

MailEnable.Webmail.XSS

Description

This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in MailEnable Webmail.
The vulnerability exists because the user input filters fail to properly sanitize the Username parameter value that is passed to "ForgottonPassword.aspx". It may allow an attacker to inject arbitrary JavaScript code on a vulnerable system.
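
A log check for the request described above, as an added example that is not part of the original advisory or of any vendor signature: it flags requests to ForgottonPassword.aspx whose Username value decodes to markup. The log lines, the /example-path/ directory and the markup pattern are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

TARGET_PAGE = "forgottonpassword.aspx"   # page named in the advisory
TARGET_PARAM = "username"                # parameter named in the advisory
# Assumed pattern: tokens a mailbox name never needs but markup injection does.
MARKUP = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(url):
    """Return the decoded Username value if it contains markup, else None."""
    parts = urlsplit(url)
    # IIS/ASP.NET match paths and parameter names case-insensitively.
    if not parts.path.lower().endswith("/" + TARGET_PAGE):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == TARGET_PARAM:
            value = fully_decode(value)   # parse_qsl already decoded once
            if MARKUP.search(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) >= 2:
            value = flag_request(fields[1])
            if value is not None:
                hits.append((number, value))
    return hits

# Constructed sample lines in "METHOD URL STATUS" form (not real traffic).
SAMPLE_LOG = [
    "GET /example-path/ForgottonPassword.aspx?Username=alice%40example.com 200",
    "GET /example-path/ForgottonPassword.aspx?Username=%3Cscript%3Ealert(1)%3C%2Fscript%3E 200",
    "GET /example-path/forgottonpassword.aspx?USERNAME=%253Cimg%2520src%253Dx%253E 200",
    "GET /example-path/login.aspx?Username=%3Cb%3E 200",
]
```

Hits in historical logs show probing only; whether a host was exposed depends on the installed version listed under Affected Products.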

Affected Products

MailEnable Professional, Enterprise & Premium 4.26 and earlier
MailEnable Professional, Enterprise & Premium 5.x before 5.53
MailEnable Professional, Enterprise & Premium 6.x before 6.03

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the vendor's web site:
http://www.mailenable.com/download.asp

CVE References

CVE-2012-0389