Vulnerabilities > GFI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-28 | CVE-2025-34490 | XXE vulnerability in GFI Mailessentials GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. | 6.5 |
| 2019-09-30 | CVE-2019-16414 | Cross-site Scripting vulnerability in GFI Kerio Control 9.3.0 A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI. | 6.1 |
| 2017-05-02 | CVE-2017-7440 | Improper Restriction of Rendered UI Layers or Frames vulnerability in GFI Kerio Connect and Kerio Connect Client Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | 6.5 |