21 matches found
MailEnable StartDate Parameter Cross-Site Scripting Vulnerability
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable StartDate parameter, which stems from improper cleanup of the StartDate parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...
EUVD-2026-14520
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the Attendees parameter in...
CVE-2026-32851
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-32852 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-32852
MailEnable
CVE-2026-32852 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-32851 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-32851
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
CVE-2026-32851 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
PT-2026-27181
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...
MailEnable 跨站脚本漏洞
MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable Attendees parameter, which stems from improper cleanup of the Attendees parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...
📄 MailEnable 10.54 Cross Site Scripting
MailEnable versions 10.54 and below suffer from multiple cross site scripting vulnerabilities. --------------------------------------------------------------------------- MailEnable = 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities...
CVE-2023-38329
An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected XSS vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...
CVE-2023-38327
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response...
Information Exposure
Overview egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to Information Exposure via the calendar/freebusy.php process. An attacker can obtain a li...
Cross-site Scripting (XSS)
Overview egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the user parameter in the calendar/freebusy.php process. A...
EGroupware 安全漏洞
EGroupware is an online office platform from EGroupware, Inc. A security vulnerability exists in EGroupware version 17.1.20190111, which stems from the presence of reflective cross-site scripting in calendar/freebusy.php, which could allow an unauthenticated, remote attacker to inject arbitrary w...
CVE-2023-38327
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response...
EGroupware 安全漏洞
EGroupware is an online office platform from EGroupware, Inc. A security vulnerability exists in EGroupware version 17.1.20190111, which stems from the presence of user enumeration in calendar/freebusy.php, which could allow an unauthenticated, remote attacker to enumerate web application users...
UBUNTU-CVE-2019-19907
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data...