VYPR

Mailenable

by MailEnable

CVEs (75)

  • CVE-2025-34408 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized when processed via a GET request and is reflected in the…

  • CVE-2025-34398 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a…

  • CVE-2025-34399 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a…

  • CVE-2025-34400 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a…

  • CVE-2025-34409 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the…

  • CVE-2025-34401 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a …

  • CVE-2025-34402 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a …

  • CVE-2025-34403 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a …

  • CVE-2025-34406 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response.…

  • CVE-2025-34404 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a…

  • CVE-2025-34397 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the…

  • CVE-2025-34407 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response,…

  • CVE-2015-9277 (Jan 16, 2019)
    risk 0.00 | cvss | epss 0.02

    MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.

  • CVE-2015-9280 (Jan 16, 2019)
    risk 0.00 | cvss | epss 0.02

    MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

  • CVE-2015-9278 (Jan 16, 2019)
    risk 0.00 | cvss | epss 0.02

    MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.

  • CVE-2015-9279 (Jan 16, 2019)
    risk 0.00 | cvss | epss 0.01

    MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.

  • CVE-2010-2580 (Sep 15, 2010)
    risk 0.00 | cvss | epss 0.04

    The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers…

  • CVE-2008-3449 (Aug 4, 2008)
    risk 0.00 | cvss | epss 0.02

    MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder.

  • CVE-2006-6605 (Dec 19, 2006)
    risk 0.00 | cvss | epss 0.06

    Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.

  • CVE-2006-6484 (Dec 12, 2006)
    risk 0.00 | cvss | epss 0.03

    The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer…