Lucene search
K

205 matches found

NVD
NVD
added 2025/12/09 6:15 p.m.5 views

CVE-2025-34403

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

6.1CVSS0.00324EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 6:15 p.m.5 views

CVE-2025-34400

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...

6.1CVSS5.9AI score0.00324EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 6:15 p.m.5 views

CVE-2025-34400

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...

6.1CVSS0.00324EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 6:15 p.m.4 views

CVE-2025-34399

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScript...

6.1CVSS0.00324EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/09 6:10 p.m.18 views

CVE-2025-34398 MailEnable < 10.54 Reflected XSS in AddressesBcc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

5.3CVSS0.00324EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 6:10 p.m.9 views

CVE-2025-34398

MailEnable versions prior to 10.54 are affected by a reflected XSS in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via GET and is reflected inside a JavaScript script block (var sAddrBcc). An attacker can ter...

6.1CVSS5.5AI score0.00324EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/12/09 6:10 p.m.18 views

CVE-2025-34399 MailEnable < 10.54 Reflected XSS in AddressesCc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScript...

5.3CVSS0.00324EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 6:10 p.m.17 views

CVE-2025-34399

MailEnable versions prior to 10.54 are affected by a reflected XSS in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized for GET requests and is echoed inside a [removed] block in the JavaScript variable sAddrCc, enabling an attack...

6.1CVSS5.4AI score0.00324EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/12/09 6:9 p.m.19 views

CVE-2025-34400 MailEnable < 10.54 Reflected XSS in AddressesTo Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...

5.3CVSS0.00324EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 6:9 p.m.11 views

CVE-2025-34400

Summary: CVE-2025-34400 affects MailEnable versions prior to 10.54, exposing a reflected XSS in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The vulnerability stems from inadequate sanitization when the parameter is processed via GET, with the value reflected inside a [rem...

6.1CVSS5.4AI score0.00324EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/12/09 6:9 p.m.3 views

EUVD-2025-202190

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variab...

6.1CVSS5.3AI score0.00324EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/09 6:8 p.m.21 views

CVE-2025-34402 MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

5.3CVSS0.00324EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:8 p.m.4 views

EUVD-2025-202192

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

6.1CVSS5.3AI score0.00324EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/09 6:8 p.m.2 views

CVE-2025-34402 MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

5.3CVSS5.4AI score0.00324EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 6:8 p.m.2 views

CVE-2025-34403 MailEnable < 10.54 Reflected XSS in FieldTo Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

5.3CVSS5.4AI score0.00324EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:8 p.m.4 views

EUVD-2025-202193

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

6.1CVSS5.3AI score0.00324EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/09 6:8 p.m.19 views

CVE-2025-34403 MailEnable < 10.54 Reflected XSS in FieldTo Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

5.3CVSS0.00324EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

MailEnable 跨站脚本漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6AI score0.00324EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50138

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS issue in the AddressesCc parameter of the ''/Mondo/lang/sys/Forms/AddressBook.aspx'' endpoint. The AddressesCc value...

6.1CVSS5.7AI score0.00324EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50141

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS issue in the FieldCc parameter of the ''/Mondo/lang/sys/Forms/AddressBook.aspx'' endpoint. The FieldCc value is not...

6.1CVSS6AI score0.00324EPSS
Exploits0References5
Rows per page
Query Builder