{"api_version":"1","generated_at":"2026-04-26T02:38:13+00:00","cve":"CVE-2012-2588","urls":{"html":"https://cve.report/CVE-2012-2588","api":"https://cve.report/api/cve/CVE-2012-2588.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-2588","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-2588"},"summary":{"title":"CVE-2012-2588","description":"Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2014-09-19 14:55:00","updated_at":"2017-08-29 01:31:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77547","name":"mailenable-multiple-fields-xss(77547)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/84589","name":"84589","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/54900","name":"54900","refsource":"BID","tags":["Exploit"],"title":"504 Gateway Time-out","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/50205","name":"50205","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.exploit-db.com/exploits/20351","name":"20351","refsource":"EXPLOIT-DB","tags":["Exploit"],"title":"MailEnable Enterprise 6.5 Stored XSS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-2588","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2588","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"2588","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mailenable","cpe5":"mailenable","cpe6":"6.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2588","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mailenable","cpe5":"mailenable","cpe6":"6.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2012-2588","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"mailenable-multiple-fields-xss(77547)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77547"},{"name":"54900","refsource":"BID","url":"http://www.securityfocus.com/bid/54900"},{"name":"84589","refsource":"OSVDB","url":"http://osvdb.org/84589"},{"name":"50205","refsource":"SECUNIA","url":"http://secunia.com/advisories/50205"},{"name":"20351","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/20351"}]}},"nvd":{"publishedDate":"2014-09-19 14:55:00","lastModifiedDate":"2017-08-29 01:31:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mailenable:mailenable:6.5:*:*:*:enterprise:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"2588","Ordinal":"55326","Title":"CVE-2012-2588","CVE":"CVE-2012-2588","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"2588","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"2588","Ordinal":"2","NoteData":"2014-09-19","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"2588","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}