CVE-2026-32852

Medium CVSS: 5.1

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in the FreeBusy.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.

Vendor

Mailenable

Product

Mailenable

CWE

CWE-79

Yayın Tarihi

2026-03-23 20:16:27

Güncelleme

2026-03-30 14:29:09

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Mailenable MEDIUM Mailenable 2026

Referanslar

https://karmainsecurity.com/KIS-2026-05 https://mailenable.com/Standard-ReleaseNotes.txt https://www.mailenable.com/ https://www.mailenable.com/rss/article.asp?Source=RSSADMIN&ID=MAILENABLEVERSION1055 https://www.vulncheck.com/advisories/mailenable-reflected-xss-via-freebusy-aspx-startdate-parameter

Benzer Kayıtlar

Medium

CVE-2026-32851

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that…

Medium

CVE-2026-32850

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that…

High

CVE-2025-34427

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local crede…

High

CVE-2025-34428

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local crede…

High

CVE-2025-34423

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code exe…

High

CVE-2025-34424

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code exe…