CVE-2025-34402 MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...