CVE-2025-34399

MailEnable versions prior to 10.54 are affected by a reflected XSS in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized for GET requests and is echoed inside a [removed] block in the JavaScript variable sAddrCc, enabling an attack...