MailEnable Reflected Cross-Site Scripting Vulnerability in Webmail Interface

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the MailEnable webmail interface, affecting versions prior to 10.55. This vulnerability allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. The issue arises in the ManageShares.aspx form, where the SelectedIndex parameter is not properly sanitized before being embedded in dynamically generated JavaScript, enabling the injection of malicious code.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute JavaScript in the context of the victim's browser.

Reproduction

To reproduce this vulnerability, request the ManageShares.aspx page of the MailEnable webmail interface using a crafted URL that exploits the SelectedIndex parameter. The unsanitized input is reflected into the JavaScript context, where the injected script executes.

Remediation

Users are advised to upgrade to MailEnable version 10.55 or later.
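
To check whether the form was requested with unexpected input, the following added example (not part of the original advisory and not MailEnable code) scans IIS W3C log lines for ManageShares.aspx requests whose SelectedIndex value is not a plain integer. It assumes that a legitimate SelectedIndex is an integer and that query strings are logged; the sample log lines, addresses and the /PLACEHOLDER/ path are constructed.

```python
import re
from urllib.parse import parse_qs

# Assumption: a legitimate SelectedIndex is a plain (optionally negative) integer.
_INT = re.compile(r"-?\d{1,9}")
TARGET = "/manageshares.aspx"  # form named in the advisory; directory is unknown

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2026-03-23 20:25:01 192.0.2.10 GET /PLACEHOLDER/ManageShares.aspx SelectedIndex=2 200
2026-03-23 20:25:07 198.51.100.7 GET /PLACEHOLDER/ManageShares.aspx SelectedIndex=2%3Bnot_a_number 200
2026-03-23 20:25:09 192.0.2.10 GET /PLACEHOLDER/Other.aspx SelectedIndex=abc 200
""".splitlines()


def suspicious_requests(log_lines):
    """Return [(client_ip, decoded_value)] for ManageShares.aspx requests
    whose SelectedIndex query parameter is not a plain integer."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if not row.get("cs-uri-stem", "").lower().endswith(TARGET):
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":  # IIS writes "-" when there is no query string
            continue
        # parse_qs percent-decodes values, so encoded characters are compared decoded.
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() != "selectedindex":
                continue
            for value in values:
                if not _INT.fullmatch(value):
                    hits.append((row.get("c-ip", "?"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"non-integer SelectedIndex from {ip}: {value!r}")
```

A hit means only that the parameter carried a non-integer value; review the full request and the referrer before treating it as an exploitation attempt.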

Added: Mar 23, 2026, 8:25 PM
Updated: Mar 23, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 1.7
exploitability: 7.7
remediation: 7.7
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.