Vulnerability Details : CVE-2007-0651
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2007-0651
- cpe:2.3:a:mailenable:mailenable_professional:1.52:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.2a:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.54:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.007:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.008:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.016:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.017:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.106:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.107:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.114:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.115:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.005:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.006:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.013:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.014:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.015:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.104:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.105:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.112:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.113:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.009:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.010:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.101:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.108:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.109:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.116:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.011:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.012:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.102:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.110:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.111:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.82:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.33:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.84:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.83:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.34:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.35:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.351:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0651
0.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0651
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2007-0651
-
http://www.vupen.com/english/advisories/2007/0595
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32480
-
http://www.mailenable.com/Professional20-ReleaseNotes.txt
-
http://www.securityfocus.com/archive/1/460063/100/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32476
-
http://securityreason.com/securityalert/2258
-
http://www.securityfocus.com/bid/22554
Jump to