CVE-2025-34403

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a...

CVE-2025-34404

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a...

CVE-2025-34408

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

CVE-2025-34418

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIMF.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

CVE-2025-34424 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIDP.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIDP.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

CVE-2025-34420 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

CVE-2025-34420

MailEnable

MailEnable 安全漏洞

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable has a security vulnerability that can be exploited by attackers to cause local credential disclosure and account takeover...

CVE-2025-34425

MailEnable

CVE-2025-34402

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

CVE-2025-34400

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...

CVE-2025-34398

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

CVE-2025-34403

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

CVE-2025-34396

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

CVE-2025-34408 MailEnable < 10.54 Reflected XSS in Added Parameter of MAI/AddRecipientsResult.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

CVE-2025-34407

MailEnable prior to 10.54 contains a reflected XSS in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is echoed via GET and can break out of iframes, enabling attacker-supplied script execution in a victim’s browser, with potential redirection, cookie theft, or HTML/...

MailEnable 跨站脚本漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

MailEnable 跨站脚本漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

MailEnable 跨站脚本漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

MailEnable 跨站脚本漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...