MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-08T21:04:35
Updated: 2024-08-04T23:32:55.590Z
Reserved: 2019-06-20T00:00:00
Link: CVE-2019-12927
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-07-08T22:15:11.813
Modified: 2019-07-23T17:51:39.970
Link: CVE-2019-12927
Redhat
No data.