Mailenable
by MailEnable
CVEs (75)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34408 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized when processed via a GET request and is reflected in the… |
| CVE-2025-34398 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a… |
| CVE-2025-34399 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a… |
| CVE-2025-34400 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a… |
| CVE-2025-34409 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the… |
| CVE-2025-34401 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a … |
| CVE-2025-34402 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a … |
| CVE-2025-34403 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a … |
| CVE-2025-34406 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response.… |
| CVE-2025-34404 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a… |
| CVE-2025-34397 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the… |
| CVE-2025-34407 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response,… |
| CVE-2015-9277 | | | 0.00 | — | 0.02 | | Jan 16, 2019 | MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. |
| CVE-2015-9280 | | | 0.00 | — | 0.02 | | Jan 16, 2019 | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. |
| CVE-2015-9278 | | | 0.00 | — | 0.02 | | Jan 16, 2019 | MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. |
| CVE-2015-9279 | | | 0.00 | — | 0.01 | | Jan 16, 2019 | MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. |
| CVE-2010-2580 | | | 0.00 | — | 0.04 | | Sep 15, 2010 | The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers… |
| CVE-2008-3449 | | | 0.00 | — | 0.02 | | Aug 4, 2008 | MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder. |
| CVE-2006-6605 | | | 0.00 | — | 0.06 | | Dec 19, 2006 | Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. |
| CVE-2006-6484 | | | 0.00 | — | 0.03 | | Dec 12, 2006 | The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer… |