Mailenable

Mailenable

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-34404

  • EPSS 0.02%
  • Veröffentlicht 09.12.2025 18:15:50
  • Zuletzt bearbeitet 09.12.2025 19:39:48

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET reque...

6.1

CVE-2025-34403

  • EPSS 0.02%
  • Veröffentlicht 09.12.2025 18:15:50
  • Zuletzt bearbeitet 09.12.2025 21:34:24

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is re...

6.1

CVE-2025-34402

  • EPSS 0.02%
  • Veröffentlicht 09.12.2025 18:15:50
  • Zuletzt bearbeitet 09.12.2025 21:37:25

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is re...

6.1

CVE-2025-34401

  • EPSS 0.02%
  • Veröffentlicht 09.12.2025 18:15:50
  • Zuletzt bearbeitet 09.12.2025 21:37:41

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is ...

6.1

CVE-2025-34400

  • EPSS 0.02%
  • Veröffentlicht 09.12.2025 18:15:50
  • Zuletzt bearbeitet 09.12.2025 21:37:54

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request a...

6.1

CVE-2025-34398

  • EPSS 0.02%
  • Veröffentlicht 09.12.2025 18:15:50
  • Zuletzt bearbeitet 09.12.2025 21:38:31

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request...

6.1

CVE-2025-34397

  • EPSS 0.02%
  • Veröffentlicht 09.12.2025 18:15:49
  • Zuletzt bearbeitet 09.12.2025 21:38:49

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a Jav...

7.3

CVE-2025-34396

  • EPSS 0.01%
  • Veröffentlicht 09.12.2025 18:15:49
  • Zuletzt bearbeitet 10.12.2025 19:05:04

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient inte...

9.8

CVE-2025-44148

Exploit
  • EPSS 14.51%
  • Veröffentlicht 03.06.2025 00:00:00
  • Zuletzt bearbeitet 09.06.2025 18:04:33

Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component

8.8

CVE-2022-42136

  • EPSS 0.33%
  • Veröffentlicht 13.01.2023 21:15:15
  • Zuletzt bearbeitet 07.04.2025 19:15:43

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE ...