Gfi Mailessentials vulnerabilities

CVE-2025-34490 [MEDIUM] CWE-611 CVE-2025-34490: GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An aut GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.

CVE-2004-1312 [CRITICAL] CVE-2004-1312: A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party product A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.