Vulnerabilities > CVE-2007-0652 - HTML Injection and Cross-Site Scripting vulnerability in MailEnable Web Mail Client

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

mailenable

nessus

NVD

Published: 2007-02-15

Updated: 2018-10-16

Summary

Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.

Vulnerable Configurations

Part	Description	Count
Application	Mailenable Mailenable Mailenable Professional 1.0.004 Mailenable Mailenable Professional 1.0.005 Mailenable Mailenable Professional 1.0.006 Mailenable Mailenable Professional 1.0.007 Mailenable Mailenable Professional 1.0.008 Mailenable Mailenable Professional 1.0.009 Mailenable Mailenable Professional 1.0.010 Mailenable Mailenable Professional 1.0.011 Mailenable Mailenable Professional 1.0.012 Mailenable Mailenable Professional 1.0.013 Mailenable Mailenable Professional 1.0.014 Mailenable Mailenable Professional 1.0.015 Mailenable Mailenable Professional 1.0.016 Mailenable Mailenable Professional 1.0.017 Mailenable Mailenable Professional 1.1 Mailenable Mailenable Professional 1.2 Mailenable Mailenable Professional 1.2A Mailenable Mailenable Professional 1.5 Mailenable Mailenable Professional 1.6 Mailenable Mailenable Professional 1.7 Mailenable Mailenable Professional 1.12 Mailenable Mailenable Professional 1.13 Mailenable Mailenable Professional 1.14 Mailenable Mailenable Professional 1.15 Mailenable Mailenable Professional 1.16 Mailenable Mailenable Professional 1.17 Mailenable Mailenable Professional 1.18 Mailenable Mailenable Professional 1.19 Mailenable Mailenable Professional 1.51 Mailenable Mailenable Professional 1.52 Mailenable Mailenable Professional 1.53 Mailenable Mailenable Professional 1.54 Mailenable Mailenable Professional 1.72 Mailenable Mailenable Professional 1.73 Mailenable Mailenable Professional 1.82 Mailenable Mailenable Professional 1.83 Mailenable Mailenable Professional 1.84 Mailenable Mailenable Professional 1.101 Mailenable Mailenable Professional 1.102 Mailenable Mailenable Professional 1.103 Mailenable Mailenable Professional 1.104 Mailenable Mailenable Professional 1.105 Mailenable Mailenable Professional 1.106 Mailenable Mailenable Professional 1.107 Mailenable Mailenable Professional 1.108 Mailenable Mailenable Professional 1.109 Mailenable Mailenable Professional 1.110 Mailenable Mailenable Professional 1.111 Mailenable Mailenable Professional 1.112 Mailenable Mailenable Professional 1.113 Mailenable Mailenable Professional 1.114 Mailenable Mailenable Professional 1.115 Mailenable Mailenable Professional 1.116 Mailenable Mailenable Professional 2.0 Mailenable Mailenable Professional 2.1 Mailenable Mailenable Professional 2.2 Mailenable Mailenable Professional 2.32 Mailenable Mailenable Professional 2.33 Mailenable Mailenable Professional 2.34 Mailenable Mailenable Professional 2.35 Mailenable Mailenable Professional 2.351	61

Nessus

NASL family	CGI abuses
NASL id	MAILENABLE_WEBMAIL_XSS.NASL
description	The Web Mail Client bundled with the version of MailEnable installed on the remote host reportedly fails to properly sanitize email messages and various script parameters of malicious script code, which can lead to cross-site scripting, cross-site request forgery, and script insertion attacks against the affected software.
last seen	2020-06-01
modified	2020-06-02
plugin id	24345
published	2007-02-15
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24345
title	MailEnable Web Mail Client Multiple Vulnerabilities (XSS, CSRF)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(24345); script_version("1.17"); script_cvs_date("Date: 2018/11/15 20:50:17"); script_cve_id("CVE-2007-0651", "CVE-2007-0652"); script_bugtraq_id(22554); script_name(english:"MailEnable Web Mail Client Multiple Vulnerabilities (XSS, CSRF)"); script_summary(english:"Checks version of MailEnable"); script_set_attribute(attribute:"synopsis", value: "The remote webmail service is affected by multiple issues." ); script_set_attribute(attribute:"description", value: "The Web Mail Client bundled with the version of MailEnable installed on the remote host reportedly fails to properly sanitize email messages and various script parameters of malicious script code, which can lead to cross-site scripting, cross-site request forgery, and script insertion attacks against the affected software." ); script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2007-38/advisory/" ); script_set_attribute(attribute:"see_also", value:"http://www.mailenable.com/Professional20-ReleaseNotes.txt" ); script_set_attribute(attribute:"see_also", value:"http://www.mailenable.com/Enterprise20-ReleaseNotes.txt" ); script_set_attribute(attribute:"solution", value: "Upgrade to MailEnable Professional Edition 1.85 / 2.37 or Enterprise 1.42 / 2.37 or later as they are rumoured to address the issues." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/15"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/02/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mailenable:mailenable"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("mailenable_detect.nasl"); script_require_keys("SMB/MailEnable/Installed"); script_require_ports(139, 445); exit(0); } if (!get_kb_item("SMB/MailEnable/Installed")) exit(0); if (get_kb_item("SMB/MailEnable/Standard")) prod = "Standard"; if (get_kb_item("SMB/MailEnable/Professional")) prod = "Professional"; else if (get_kb_item("SMB/MailEnable/Enterprise")) prod = "Enterprise"; # Check version of MailEnable. if (prod == "Professional" \|\| prod == "Enterprise") { kb_base = "SMB/MailEnable/" + prod; ver = get_kb_item(kb_base+"/Version"); if (isnull(ver)) exit(0); if ( # 1.0-1.84 Professional Edition # 2.0-2.36 Professional Edition (prod == "Professional" && ver =~ "^(1\.([0-7]($\|[0-9.])\|8$\|8[0-4])\|2\.([0-2]($\|[0-9.])\|3($\|[0-6])))") \|\| # 1.0-1.41 Enterprise Edition # 2.0-2.36 Enterprise Edition (prod == "Enterprise" && ver =~ "^(1\.([0-3]($\|[0-9].)\|4$\|4[01])\|2\.([0-2]($\|[0-9.])\|3($\|[0-6])))") ) { security_warning(get_kb_item("SMB/transport")); set_kb_item(name: 'www/0/XSS', value: TRUE); } }

Summary

Vulnerable Configurations

Nessus

References