MailEnable Attendees Parameter Cross-Site Scripting Vulnerability

MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable Attendees parameter, which stems from improper cleanup of the Attendees parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...

EUVD-2026-14520

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the Attendees parameter in...

CVE-2026-32851 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

CVE-2026-32851

MailEnable versions prior to 10.55 contain a reflected XSS in the webmail FreeBusy.aspx Attendees parameter. The Attendees value is embedded into dynamically generated JavaScript without proper sanitization, allowing an attacker to craft a URL that executes arbitrary JavaScript in a victim’s brow...

CVE-2026-32851 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

PT-2026-27180

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.55 Description The software contains a reflected cross-site scripting issue in the webmail interface. This allows remote attackers to execute arbitrary JavaScript in a victim’s browser by using a malicious URL...

MailEnable 跨站脚本漏洞

MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable Attendees parameter, which stems from improper cleanup of the Attendees parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...

PT-2025-7485 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.13.0 Description: A vulnerability exists in ChurchCRM that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting XSS in the EditEventAttendees.php page. This requires...