barisbaydur/CVE-2025-44148

Releases0

A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary JavaScript code via a crafted URL, which is then reflected in the server's response and executed in the context of the user's browser session.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-44148 ↗	Jun 3, 2025Tuesday, 3 June 2025, 16:15	9.8 CRITICAL	—
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component