CVE-2012-0389 Information

Description

Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional Enterprise and Premium 4.26 and earlier 5.x before 5.53 and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html http://osvdb.org/78242 http://secunia.com/advisories/47518 http://secunia.com/advisories/47562 http://www.exploit-db.com/exploits/18447 http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 http://www.nerv.fi/CVE-2012-0389.txt http://www.securityfocus.com/bid/51401 http://www.securitytracker.com/id?1026519 https://exchange.xforce.ibmcloud.com/vulnerabilities/72380