Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mailenable_professional | Mailenable | 1.0.004 (including) | 1.0.004 (including) |
| Mailenable_professional | Mailenable | 1.0.005 (including) | 1.0.005 (including) |
| Mailenable_professional | Mailenable | 1.0.006 (including) | 1.0.006 (including) |
| Mailenable_professional | Mailenable | 1.0.007 (including) | 1.0.007 (including) |
| Mailenable_professional | Mailenable | 1.0.008 (including) | 1.0.008 (including) |
| Mailenable_professional | Mailenable | 1.0.009 (including) | 1.0.009 (including) |
| Mailenable_professional | Mailenable | 1.0.010 (including) | 1.0.010 (including) |
| Mailenable_professional | Mailenable | 1.0.011 (including) | 1.0.011 (including) |
| Mailenable_professional | Mailenable | 1.0.012 (including) | 1.0.012 (including) |
| Mailenable_professional | Mailenable | 1.0.013 (including) | 1.0.013 (including) |
| Mailenable_professional | Mailenable | 1.0.014 (including) | 1.0.014 (including) |
| Mailenable_professional | Mailenable | 1.0.015 (including) | 1.0.015 (including) |
| Mailenable_professional | Mailenable | 1.0.016 (including) | 1.0.016 (including) |
| Mailenable_professional | Mailenable | 1.0.017 (including) | 1.0.017 (including) |
| Mailenable_professional | Mailenable | 1.1 (including) | 1.1 (including) |
| Mailenable_professional | Mailenable | 1.2 (including) | 1.2 (including) |
| Mailenable_professional | Mailenable | 1.2a (including) | 1.2a (including) |
| Mailenable_professional | Mailenable | 1.5 (including) | 1.5 (including) |
| Mailenable_professional | Mailenable | 1.6 (including) | 1.6 (including) |
| Mailenable_professional | Mailenable | 1.7 (including) | 1.7 (including) |
| Mailenable_professional | Mailenable | 1.12 (including) | 1.12 (including) |
| Mailenable_professional | Mailenable | 1.13 (including) | 1.13 (including) |
| Mailenable_professional | Mailenable | 1.14 (including) | 1.14 (including) |
| Mailenable_professional | Mailenable | 1.15 (including) | 1.15 (including) |
| Mailenable_professional | Mailenable | 1.16 (including) | 1.16 (including) |
| Mailenable_professional | Mailenable | 1.17 (including) | 1.17 (including) |
| Mailenable_professional | Mailenable | 1.18 (including) | 1.18 (including) |
| Mailenable_professional | Mailenable | 1.19 (including) | 1.19 (including) |
| Mailenable_professional | Mailenable | 1.51 (including) | 1.51 (including) |
| Mailenable_professional | Mailenable | 1.52 (including) | 1.52 (including) |
| Mailenable_professional | Mailenable | 1.53 (including) | 1.53 (including) |
| Mailenable_professional | Mailenable | 1.54 (including) | 1.54 (including) |
| Mailenable_professional | Mailenable | 1.72 (including) | 1.72 (including) |
| Mailenable_professional | Mailenable | 1.73 (including) | 1.73 (including) |
| Mailenable_professional | Mailenable | 1.82 (including) | 1.82 (including) |
| Mailenable_professional | Mailenable | 1.83 (including) | 1.83 (including) |
| Mailenable_professional | Mailenable | 1.84 (including) | 1.84 (including) |
| Mailenable_professional | Mailenable | 1.101 (including) | 1.101 (including) |
| Mailenable_professional | Mailenable | 1.102 (including) | 1.102 (including) |
| Mailenable_professional | Mailenable | 1.103 (including) | 1.103 (including) |
| Mailenable_professional | Mailenable | 1.104 (including) | 1.104 (including) |
| Mailenable_professional | Mailenable | 1.105 (including) | 1.105 (including) |
| Mailenable_professional | Mailenable | 1.106 (including) | 1.106 (including) |
| Mailenable_professional | Mailenable | 1.107 (including) | 1.107 (including) |
| Mailenable_professional | Mailenable | 1.108 (including) | 1.108 (including) |
| Mailenable_professional | Mailenable | 1.109 (including) | 1.109 (including) |
| Mailenable_professional | Mailenable | 1.110 (including) | 1.110 (including) |
| Mailenable_professional | Mailenable | 1.111 (including) | 1.111 (including) |
| Mailenable_professional | Mailenable | 1.112 (including) | 1.112 (including) |
| Mailenable_professional | Mailenable | 1.113 (including) | 1.113 (including) |
| Mailenable_professional | Mailenable | 1.114 (including) | 1.114 (including) |
| Mailenable_professional | Mailenable | 1.115 (including) | 1.115 (including) |
| Mailenable_professional | Mailenable | 1.116 (including) | 1.116 (including) |
| Mailenable_professional | Mailenable | 2.0 (including) | 2.0 (including) |
| Mailenable_professional | Mailenable | 2.1 (including) | 2.1 (including) |
| Mailenable_professional | Mailenable | 2.2 (including) | 2.2 (including) |
| Mailenable_professional | Mailenable | 2.32 (including) | 2.32 (including) |
| Mailenable_professional | Mailenable | 2.33 (including) | 2.33 (including) |
| Mailenable_professional | Mailenable | 2.34 (including) | 2.34 (including) |
| Mailenable_professional | Mailenable | 2.35 (including) | 2.35 (including) |
| Mailenable_professional | Mailenable | 2.351 (including) | 2.351 (including) |