Unrated severityNVD Advisory· Published Feb 15, 2007· Updated Apr 23, 2026
CVE-2007-0651
CVE-2007-0651
Description
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
Affected products
61cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:*:*:*:*+ 60 more
- cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.005:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.006:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.007:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.008:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.009:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.010:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.011:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.012:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.013:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.014:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.015:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.016:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.017:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.101:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.102:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.104:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.105:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.106:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.107:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.108:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.109:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.110:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.111:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.112:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.113:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.114:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.115:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.116:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.2a:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.52:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.54:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.82:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.83:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.84:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.33:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.34:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.35:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:2.351:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- secunia.com/advisories/23998nvdPatchVendor Advisory
- secunia.com/secunia_research/2007-38/advisory/nvdPatchVendor Advisory
- osvdb.org/33188nvd
- osvdb.org/33189nvd
- osvdb.org/33190nvd
- securityreason.com/securityalert/2258nvd
- www.mailenable.com/Professional20-ReleaseNotes.txtnvd
- www.securityfocus.com/archive/1/460063/100/0/threadednvd
- www.securityfocus.com/bid/22554nvd
- www.vupen.com/english/advisories/2007/0595nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/32476nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/32480nvd
News mentions
0No linked articles in our index yet.