6.1
CVE-2026-32850
- EPSS 0.31%
- Veröffentlicht 23.03.2026 19:06:09
- Zuletzt bearbeitet 30.03.2026 14:34:21
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the SelectedIndex parameter in the ManageShares.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mailenable ≫ Mailenable SwEditionstandard Version < 10.55
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.221 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| disclosure@vulncheck.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://mailenable.com/Standard-ReleaseNotes.txt
https://www.mailenable.com/
https://www.mailenable.com/rss/article.asp?Source=RSSADMIN&ID=MAILENABLEVERSION1055
https://karmainsecurity.com/KIS-2026-05
https://www.vulncheck.com/advisories/mailenable-reflected-xss-via-manageshares-aspx-selectedindex-parameter