MailEnable Professional and Enterprise versions are prone to cross-site scripting vulnerabilities as the user-supplied input received via "Username" parameter of "ForgottonPassword.aspx" page is not properly sanitized (CVE-2012-0389). A specially crafted URL which a user clicks could gain access to the users cookies for webmail. The affected versions of MailEnable are:
MailEnable Professional, Enterprise & Premium
4.26 and earlier
MailEnable Professional, Enterprise & Premium 5.52 and earlier
MailEnable Professional, Enterprise & Premium 6.02 and earlier
MailEnable Standard is not affected.
This is caused by the input to the forgotten password page (specifically the username) not being sanitised.
Users of MailEnable 5 and 6 can resolve the issue by upgrading to version 5.53 or 6.03 or later. Alternatively, and for version 4 users, the following fix can be applied:
document.getElementById("txtUsername").value = '<%= Request.Item("Username") %>'<%= Request.Item("Username") %>;
CVE Identifier for this vulnerability is CVE-2012-0389.
|Class:||BUG: Product Defect/Bug|
|Revised:||Wednesday, May 4, 2016|