{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23605", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-14T16:02:29.334Z", "datePublished": "2026-02-19T17:54:49.877Z", "dateUpdated": "2026-05-14T02:09:08.339Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MailEssentials AI", "vendor": "GFI Software", "versions": [{"lessThan": "22.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gfi:mailessentials:*:*:*:*:*:*:*:*", "versionEndExcluding": "22.4"}]}]}], "credits": [{"lang": "en", "type": "finder", "value": "Alex Williams from Pellera Technologies"}, {"lang": "en", "type": "coordinator", "value": "VulnCheck"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "GFI MailEssentials AI versions prior to&nbsp;22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/attachmentchecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user."}], "value": "GFI MailEssentials AI versions prior to\u00a022.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/attachmentchecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:09:08.339Z"}, "references": [{"tags": ["release-notes", "patch"], "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-attachment-filtering-rule-stored-xss"}], "source": {"discovery": "EXTERNAL"}, "title": "GFI MailEssentials AI < 22.4 Attachment Filtering Rule Stored XSS", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T20:25:15.733976Z", "id": "CVE-2026-23605", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T20:25:26.390Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23605", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T20:25:15.733976Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T20:25:21.961Z"}}], "cna": {"title": "GFI MailEssentials AI < 22.4 Attachment Filtering Rule Stored XSS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Alex Williams from Pellera Technologies"}, {"lang": "en", "type": "coordinator", "value": "VulnCheck"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "GFI Software", "product": "MailEssentials AI", "versions": [{"status": "affected", "version": "0", "lessThan": "22.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases", "tags": ["release-notes", "patch"]}, {"url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-attachment-filtering-rule-stored-xss", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "GFI MailEssentials AI versions prior to\u00a022.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/attachmentchecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", "supportingMedia": [{"type": "text/html", "value": "GFI MailEssentials AI versions prior to&nbsp;22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/attachmentchecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gfi:mailessentials:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "22.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:09:08.339Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23605", "state": "PUBLISHED", "dateUpdated": "2026-05-14T02:09:08.339Z", "dateReserved": "2026-01-14T16:02:29.334Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-02-19T17:54:49.877Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gfi:mailessentials:*:*:*:*:*:*:*:*", "matchCriteriaId": "590491F7-F669-445A-84D8-9066DBFEA0EA", "versionEndExcluding": "22.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GFI MailEssentials AI versions prior to\u00a022.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/attachmentchecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user."}], "id": "CVE-2026-23605", "lastModified": "2026-02-20T17:30:35.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-02-19T18:24:54.600", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Release Notes"], "url": "https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/gfi-mailessentials-ai-attachment-filtering-rule-stored-xss"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,22.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "MailEssentials AI", "source": "cna", "vendor": "GFI Software"}, "product": "mailessentials_ai", "vendor": "gfi"}], "analysis": {"en": {"generated_at": "2026-04-17T18:01:43.653827+00:00", "value": {"mitigation_remediation": ["Upgrade GFI MailEssentials AI to version 22.4 or later.", "Restrict rule\u2011creation and editing privileges to trusted administrators and remove unnecessary write access.", "Sanitize or escape all user\u2011supplied input for rule names before rendering it in the UI to prevent script execution."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting in attachment filtering rule creation"}, "threat_synthesis": {"affected_systems": "The flaw affects all installations of GFI MailEssentials AI released prior to version 22.4. The vulnerability exists in the attachment checking page located at /MailEssentials/pages/MailSecurity/attachmentchecking.aspx. All product variants that expose this page are susceptible, regardless of deployment size or configuration.", "description_and_impact": "In GFI MailEssentials AI versions before 22.4 a stored cross\u2011site scripting flaw resides in the attachment filtering rule creation workflow. An attacker who is authenticated to the management interface can supply arbitrary HTML or JavaScript in the rule name field, which is stored unfiltered and later rendered inside the rule editing view. The result is that whenever any logged\u2011in user views or edits the malicious rule, browser\u2011side code runs with the privileges of that user, enabling session hijacking, data theft or further client\u2011side attacks. The weakness stems from improper input validation and output encoding.", "risk_and_exploitability": "The CVSS base score is 5.1, indicating medium severity. EPSS is reported as less than 1\u202f%, showing a very low likelihood that exploitation is occurring currently, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires legitimate credentials to the management console; an attacker who can create a rule can embed malicious payloads that trigger when any user accesses that rule. Because the attack is authenticated and the page is rendered client\u2011side, the risk is limited to user accounts that view the rule, but it can still compromise confidential data or inject further malicious content into administrative sessions."}}}}, "created": "2026-02-20T10:06:13.867103+00:00", "updated": "2026-04-17T18:15:26.762550+00:00", "vendors": ["gfi", "gfi$PRODUCT$mailessentials_ai"]}