Gfi Mailessentials vulnerabilities
22 known vulnerabilities affecting gfi/mailessentials.
Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM19
Vulnerabilities
Page 2 of 2
CVE-2004-1312P4CRITICALCVSS 10.0v9.0v10.0+1 more2005-01-03
CVE-2004-1312 [CRITICAL] CVE-2004-1312: A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party product
A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
nvd
CVE-2026-23619P4MEDIUMCVSS 5.4fixed in 22.42026-02-19
CVE-2026-23619 [MEDIUM] CWE-79 CVE-2026-23619: GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/general.aspx, which is stored and later rendered in the management inte
nvd
← Previous2 / 2