Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
http://archives.neohapsis.com/archives/bugtraq/2012-01/0090.html
http://secunia.com/advisories/47518
http://secunia.com/advisories/47562
https://exchange.xforce.ibmcloud.com/vulnerabilities/72380