Stored and Reflected Cross-Site Scripting (XSS) Vulnerability in MailEnable Enterprise Premium 10.23

Stored and Reflected Cross-Site Scripting (XSS) Vulnerability in MailEnable Enterprise Premium 10.23

CVE-2019-12927 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability.

Learn more about our Web Application Penetration Testing UK.