CVE-2019-12927

Name of the Vulnerable Software and Affected Versions MailEnable Enterprise Premium version 10.23

Description The issue allows for stored and reflected cross-site scripting (XSS) attacks. It is also possible to hijack the session cookie due to the lack of the HttpOnly flag, which can be exploited to gain unauthorized access.

Recommendations For MailEnable Enterprise Premium version 10.23, consider setting the HttpOnly flag for the session cookie to prevent hijacking. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.