CVE-2026-23611

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4

Description The software contains a stored cross-site scripting issue in the IP Blocklist management page. A logged-in user can inject HTML or JavaScript code into the ctl00$ContentPlaceHolder1$pv1$txtIPDescription parameter of the '/MailEssentials/pages/MailSecurity/ipblocklist.aspx' API endpoint. This injected code is then stored and displayed within the management interface, leading to script execution within the user's session.

Recommendations Update to version 22.4 or later.