5.3
CVE-2025-34408 - MailEnable < 10.54 Reflected XSS in Added Parameter of MAI/AddRecipientsResult.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an atta…
5.3
CVE-2025-34398 - MailEnable < 10.54 Reflected XSS in AddressesBcc Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a <script> block in the …
5.3
CVE-2025-34399 - MailEnable < 10.54 Reflected XSS in AddressesCc Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a <script> block in the Ja…
5.3
CVE-2025-34400 - MailEnable < 10.54 Reflected XSS in AddressesTo Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a <script> block in the re…
5.3
CVE-2025-34409 - MailEnable < 10.54 Reflected XSS in Failed Parameter of MAI/AddRecipientsResult.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an at…
5.3
CVE-2025-34401 - MailEnable < 10.54 Reflected XSS in FieldBcc Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a <script> block in the JavaScri…
5.3
CVE-2025-34402 - MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a <script> block in the JavaScript…
5.3
CVE-2025-34403 - MailEnable < 10.54 Reflected XSS in FieldTo Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a <script> block in the JavaScript…
5.3
CVE-2025-34406 - MailEnable < 10.54 Reflected XSS in Id Parameter of Mobile/ContactDetails.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a <script> block in the response. By supplying a crafte…
5.3
CVE-2025-34404 - MailEnable < 10.54 Reflected XSS in InstanceScope Parameter of CAL/compose.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a <script> block in th…