5.1
CVE-2026-23612 - GFI MailEssentials AI < 22.4 Anti-Spam IP DNS Blocklist Domain Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_IPs parameter to /MailEssentials/pages/MailSecurity/ipdnsblocklist.a…
5.1
CVE-2026-23611 - GFI MailEssentials AI < 22.4 Anti-Spam IP Blocklist Description Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtIPDescription parameter to /MailEssentials/pages/MailSecurity/ipblocklist.as…
5.1
CVE-2026-23610 - GFI MailEssentials AI < 22.4 POP2Exchange POP3 Server Login Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the POP3 server login field within the JSON \"popServers\" payload to /MailEssentials/pages/MailSecurity/P…
5.1
CVE-2026-23609 - GFI MailEssentials AI < 22.4 General Settings Perimeter SMTP Servers Description Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/Per…
5.1
CVE-2026-23608 - GFI MailEssentials AI < 22.4 Email Management Mail Monitoring Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON \"name\" field to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save, which is stored…
5.1
CVE-2026-23607 - GFI MailEssentials AI < 22.4 Anti-Spam Whitelist Description Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtDescription parameter to /MailEssentials/pages/MailSecurity/Whit…
5.1
CVE-2026-23606 - GFI MailEssentials AI < 22.4 Advanced Content Filtering Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to /MailEssentials/pages/MailSecurit…
9.3
CVE-2026-2409 - SQL Injection via Argument Injection in Delinea Cloud Suite up to 25.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection.This issue affects Cloud Suite: before 25.2 HF1.
5.1
CVE-2026-23605 - GFI MailEssentials AI < 22.4 Attachment Filtering Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/att…
5.1
CVE-2026-23604 - GFI MailEssentials AI < 22.4 Keyword Filtering Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/conten…