Vulnerabilities > Mailenable > Mailenable > 2.53
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-13 | CVE-2022-42136 | Path Traversal vulnerability in Mailenable Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. | 8.8 |
| 2019-01-16 | CVE-2015-9279 | Cross-site Scripting vulnerability in Mailenable MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | 4.3 |
| 2019-01-16 | CVE-2015-9278 | Credentials Management vulnerability in Mailenable MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | 5.0 |
| 2019-01-16 | CVE-2015-9277 | Path Traversal vulnerability in Mailenable MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. | 7.5 |