Approved changes feed: RSS · Atom

cpe:2.3:a:mailenable:mailenable:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorMailenable (ac781917-bc09-5845-a37c-c45d67bfa524)
ProductMailenable (9e2ec56e-3deb-5201-b101-fcc46de7b710)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-32852 vulnerable 2026-06-08 07:57:18.197942 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in the FreeBusy.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.
Published: 2026-03-23T19:06:41.939Z
Updated: 2026-05-08T14:00:20.789Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-32851 vulnerable 2026-06-08 07:57:18.197439 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in the FreeBusy.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.
Published: 2026-03-23T19:06:27.131Z
Updated: 2026-05-08T14:00:31.931Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-32850 vulnerable 2026-06-08 07:57:18.196027 MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the SelectedIndex parameter in the ManageShares.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.
Published: 2026-03-23T19:06:09.045Z
Updated: 2026-05-11T23:11:45.067Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-44148 vulnerable 2026-06-08 07:25:10.650798 Details available
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component
Published: 2025-06-03T00:00:00.000Z
Updated: 2025-06-03T15:50:57.354Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34428 vulnerable 2026-06-08 07:20:59.519074 MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.
Published: 2025-12-10T18:23:56.116Z
Updated: 2026-05-14T02:08:39.473Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34427 vulnerable 2026-06-08 07:20:59.518362 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34425 vulnerable 2026-06-08 07:20:59.517131 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34424 vulnerable 2026-06-08 07:20:59.515695 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34423 vulnerable 2026-06-08 07:20:59.514664 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34422 vulnerable 2026-06-08 07:20:59.513826 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34421 vulnerable 2026-06-08 07:20:59.513017 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34420 vulnerable 2026-06-08 07:20:59.512552 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34419 vulnerable 2026-06-08 07:20:59.499193 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34418 vulnerable 2026-06-08 07:20:59.498647 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34417 vulnerable 2026-06-08 07:20:59.497912 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34416 vulnerable 2026-06-08 07:20:59.461413 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34409 vulnerable 2026-06-08 07:19:03.020043 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34408 vulnerable 2026-06-08 07:19:03.019583 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34407 vulnerable 2026-06-08 07:19:03.019248 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34406 vulnerable 2026-06-08 07:19:03.018904 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34404 vulnerable 2026-06-08 07:19:03.018511 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34403 vulnerable 2026-06-08 07:19:03.018070 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34402 vulnerable 2026-06-08 07:19:03.017611 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34401 vulnerable 2026-06-08 07:19:03.017254 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34400 vulnerable 2026-06-08 07:19:03.016686 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34399 vulnerable 2026-06-08 07:19:03.016334 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34398 vulnerable 2026-06-08 07:19:03.015845 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34397 vulnerable 2026-06-08 07:19:03.015463 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-34396 vulnerable 2026-06-08 07:19:03.014027 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-9279 vulnerable 2026-06-08 05:07:13.506178 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-9278 vulnerable 2026-06-08 05:07:13.505828 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-9277 vulnerable 2026-06-08 05:07:13.505409 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.