CVE-2026-23606

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4

Description The software contains a stored cross-site scripting issue in the Advanced Content Filtering rule creation workflow. A logged-in user can inject HTML or JavaScript code via the txtRuleName parameter of the '/MailEssentials/pages/MailSecurity/advancedfiltering.aspx' API endpoint. This injected code is then stored and displayed within the management interface, leading to script execution within the user's session.

Recommendations Update to version 22.4 or later.