Volerion logoVolerion
Volerion logoVolerion

MailEnable Cross-Site Scripting Vulnerability in Webmail Component

Vulnerability

A reflected cross-site scripting (XSS) vulnerability has been identified in MailEnable versions prior to 10. This issue arises from inadequate sanitization of user input in the 'failure.aspx' component, allowing remote attackers to inject arbitrary JavaScript. The injected script is reflected in the server's response and executed within the context of the user's browser session.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious scripts in the context of the user's session.

Reproduction

To reproduce this vulnerability, navigate to the 'failure.aspx' page and append a crafted URL that includes a JavaScript payload, such as an alert function. The injected script will be executed in the user's browser.

Remediation

Users are advised to update to MailEnable version 10.53, which addresses this vulnerability.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread
3.4
impact
10.0
exploitability
7.9
remediation
7.7
relevance
0.2
threat
6.7
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.