Vulnerability Report

CVE-2012-0389

Title: Mailenable Cross-Site Scripting (XSS)

XSS

Proof Of Concept

PoC Available for CVE-2012-0389

CWE Category CWE-79

Published Date Jan 24, 2012

Modified Date Apr 29, 2026

Exploit Status Available

Score 4.3 CVSS v2.0

Exploit Probability (EPSS)

33.84%

Vulnerability Summary

CVE-2012-0389: Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.

Impacted Vendors

mailenable 1

Reference Links

http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html http://osvdb.org/78242 http://secunia.com/advisories/47518 http://secunia.com/advisories/47562 http://www.exploit-db.com/exploits/18447 http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 http://www.nerv.fi/CVE-2012-0389.txt http://www.securityfocus.com/bid/51401 http://www.securitytracker.com/id?1026519 https://exchange.xforce.ibmcloud.com/vulnerabilities/72380 http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html http://osvdb.org/78242 http://secunia.com/advisories/47518 http://secunia.com/advisories/47562 http://www.exploit-db.com/exploits/18447 http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 http://www.nerv.fi/CVE-2012-0389.txt http://www.securityfocus.com/bid/51401 http://www.securitytracker.com/id?1026519 https://exchange.xforce.ibmcloud.com/vulnerabilities/72380

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

4.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:N/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2012-0389 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/36547

View Code

Exploit-DB https://www.exploit-db.com/exploits/18447

View Code

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

January 24, 2012 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected Stack

No specific products linked.