Lucene search
+L

19 matches found

NVD
NVD
added 2026/06/28 4:16 p.m.11 views

CVE-2026-13504

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.1CVSS0.00203EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/28 3:30 p.m.12 views

EUVD-2026-40002

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.1CVSS4AI score0.00203EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 3:30 p.m.42 views

CVE-2026-13504 code-projects Project Management System Mail Compose mail.php cross site scripting

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.1CVSS0.00203EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.15 views

PT-2026-53115

Name of the Vulnerable Software and Affected Versions code-projects Project Management System version 1.0 Description Cross site scripting XSS occurs in the Mail Compose Page component within the /mail.php endpoint. This issue allows a remote attacker to execute malicious scripts through the...

5.1CVSS5.8AI score0.00203EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/12/19 9:14 p.m.10 views

CVE-2025-34425

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the WindowContext parameter of /Mondo/lang/sys/Forms/MAI/compose.aspx. The WindowContext value is not properly sanitized when processed via a GET request and is reflected within a...

6.1CVSS5.8AI score0.00344EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/12 12:0 a.m.16 views

MailEnable Message Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6.3AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.6 views

CVE-2025-34397

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...

6.1CVSS5.8AI score0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/10 12:30 a.m.5 views

EUVD-2025-202326

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the WindowContext parameter of /Mondo/lang/sys/Forms/MAI/compose.aspx. The WindowContext value is not properly sanitized when processed via a GET request and is reflected within a context in the...

5.3CVSS5.3AI score0.00344EPSS
Exploits0References4
CVE
CVE
added 2025/12/09 9:13 p.m.17 views

CVE-2025-34425

MailEnable

6.1CVSS5.4AI score0.00344EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 9:13 p.m.3 views

CVE-2025-34425 MailEnable < 10.54 Reflected XSS in WindowContext Parameter of MAI/compose.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the WindowContext parameter of /Mondo/lang/sys/Forms/MAI/compose.aspx. The WindowContext value is not properly sanitized when processed via a GET request and is reflected within a context in the...

5.3CVSS5.4AI score0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/09 9:13 p.m.32 views

CVE-2025-34425 MailEnable < 10.54 Reflected XSS in WindowContext Parameter of MAI/compose.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the WindowContext parameter of /Mondo/lang/sys/Forms/MAI/compose.aspx. The WindowContext value is not properly sanitized when processed via a GET request and is reflected within a context in the...

5.3CVSS0.00344EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202195

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a block in the...

6.1CVSS5.3AI score0.00336EPSS
Exploits0References4
NVD
NVD
added 2025/12/09 6:15 p.m.6 views

CVE-2025-34404

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a block in the...

6.1CVSS0.00336EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:7 p.m.6 views

EUVD-2025-202196

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...

6.1CVSS5.3AI score0.00336EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/09 6:7 p.m.3 views

CVE-2025-34397 MailEnable < 10.54 Reflected XSS in Message Parameter of Mobile/Compose.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...

5.3CVSS5.3AI score0.00336EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-50272

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the WindowContext parameter of the ''/Mondo/lang/sys/Forms/MAI/compose.aspx'' endpoint. The...

5.3CVSS5.6AI score0.00344EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

MailEnable 跨站脚本漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS5.7AI score0.00336EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.7 views

SUSE CVE-2012-0791

Multiple cross-site scripting XSS vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 composeCache, 2 rtemode, or 3 filename parameters to the compose page; 4 formname parameter to the...

4.3CVSS6.1AI score0.02437EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2019/02/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2012-0791

Multiple cross-site scripting XSS vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 composeCache, 2 rtemode, or 3 filename parameters to the compose page; 4 formname...

4.3CVSS5.8AI score0.02437EPSS
Exploits0References1
Rows per page
Query Builder