9 matches found
CVE-2026-32851
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the Attendees parameter in...
CVE-2026-32852
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
MailEnable Attendees Parameter Cross-Site Scripting Vulnerability
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable Attendees parameter, which stems from improper cleanup of the Attendees parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...
EUVD-2026-14521
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-32852
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-32852
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-32851
MailEnable versions prior to 10.55 contain a reflected XSS in the webmail FreeBusy.aspx Attendees parameter. The Attendees value is embedded into dynamically generated JavaScript without proper sanitization, allowing an attacker to craft a URL that executes arbitrary JavaScript in a victim’s brow...
PT-2026-27180
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.55 Description The software contains a reflected cross-site scripting issue in the webmail interface. This allows remote attackers to execute arbitrary JavaScript in a victim’s browser by using a malicious URL...
MailEnable 跨站脚本漏洞
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable StartDate parameter, which stems from improper cleanup of the StartDate parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...