Lucene search
K

59110 matches found

NVD
NVD
added 2025/12/09 6:15 p.m.4 views

CVE-2025-34398

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

6.1CVSS0.00324EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 6:15 p.m.3 views

CVE-2025-34399

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScript...

6.1CVSS0.00324EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 6:15 p.m.4 views

CVE-2025-34403

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

6.1CVSS5.9AI score0.00324EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 6:15 p.m.4 views

CVE-2025-34404

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a block in the...

6.1CVSS0.00324EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 6:15 p.m.2 views

CVE-2025-34398

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

6.1CVSS5.9AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 6:15 p.m.4 views

CVE-2025-34402

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

6.1CVSS5.9AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 6:15 p.m.6 views

CVE-2025-34399

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScript...

6.1CVSS5.9AI score0.00324EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 6:15 p.m.3 views

CVE-2025-34397

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...

6.1CVSS0.00324EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 6:10 p.m.3 views

CVE-2025-34398 MailEnable < 10.54 Reflected XSS in AddressesBcc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

5.3CVSS5.5AI score0.00324EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:10 p.m.3 views

EUVD-2025-202186

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

6.1CVSS5.4AI score0.00324EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/09 6:8 p.m.2 views

CVE-2025-34402 MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

5.3CVSS5.4AI score0.00324EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/09 6:8 p.m.19 views

CVE-2025-34402 MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

5.3CVSS0.00324EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/09 6:8 p.m.17 views

CVE-2025-34403 MailEnable < 10.54 Reflected XSS in FieldTo Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

5.3CVSS0.00324EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 4:17 p.m.1 views

CVE-2025-14330

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

9.8CVSS5.8AI score
Exploits0References5
OSV
OSV
added 2025/12/09 4:17 p.m.5 views

CVE-2025-14325

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

7.3CVSS5.8AI score
Exploits0References5
NVD
NVD
added 2025/12/09 4:17 p.m.2 views

CVE-2025-14330

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

9.8CVSS0.00422EPSS
Exploits0References5
NVD
NVD
added 2025/12/09 4:17 p.m.3 views

CVE-2025-14325

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

7.3CVSS0.00292EPSS
Exploits1References5
NVD
NVD
added 2025/12/09 4:17 p.m.2 views

CVE-2025-14324

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

9.8CVSS0.00481EPSS
Exploits0References6
OSV
OSV
added 2025/12/09 4:17 p.m.6 views

CVE-2025-14324

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

9.8CVSS5.8AI score
Exploits0References6
NVD
NVD
added 2025/12/09 4:17 p.m.5 views

CVE-2025-14284

Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...

6.1CVSS0.00302EPSS
Exploits1References4
Rows per page
Query Builder