4 matches found
CVE-2025-34407
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...
CVE-2025-34407 MailEnable < 10.54 Reflected XSS in theme Parameter of Statistics.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...
CVE-2025-34407 MailEnable < 10.54 Reflected XSS in theme Parameter of Statistics.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...
PT-2025-50145
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS issue in the theme parameter of the ''/Mondo/lang/sys/Forms/Statistics.aspx'' endpoint. The theme value is not...