Mailenable
Approved changes feed: RSS · Atom
cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*
part: a version: * update: *
| Vendor | Mailenable (ac781917-bc09-5845-a37c-c45d67bfa524) |
|---|---|
| Product | Mailenable (9e2ec56e-3deb-5201-b101-fcc46de7b710) |
| Edition | * |
| Language | * |
| Software edition | standard |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-32852 |
vulnerable | 2026-06-08 07:57:18.198102 |
MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in the FreeBusy.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.
Published: 2026-03-23T19:06:41.939Z
Updated: 2026-05-08T14:00:20.789Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-32851 |
vulnerable | 2026-06-08 07:57:18.197608 |
MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in the FreeBusy.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.
Published: 2026-03-23T19:06:27.131Z
Updated: 2026-05-08T14:00:31.931Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-32850 |
vulnerable | 2026-06-08 07:57:18.197033 |
MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the SelectedIndex parameter in the ManageShares.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.
Published: 2026-03-23T19:06:09.045Z
Updated: 2026-05-11T23:11:45.067Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34428 |
vulnerable | 2026-06-08 07:20:59.519129 |
MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.
Published: 2025-12-10T18:23:56.116Z
Updated: 2026-05-14T02:08:39.473Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34427 |
vulnerable | 2026-06-08 07:20:59.518518 |
MailEnable < 10.54 Cleartext Credential Storage in AUTH.TAB
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.
Published: 2025-12-10T18:24:13.947Z
Updated: 2026-05-14T02:08:38.576Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34425 |
vulnerable | 2026-06-08 07:20:59.517294 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34424 |
vulnerable | 2026-06-08 07:20:59.515821 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34423 |
vulnerable | 2026-06-08 07:20:59.514794 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34422 |
vulnerable | 2026-06-08 07:20:59.514005 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34421 |
vulnerable | 2026-06-08 07:20:59.513182 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34420 |
vulnerable | 2026-06-08 07:20:59.512640 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34419 |
vulnerable | 2026-06-08 07:20:59.499342 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34418 |
vulnerable | 2026-06-08 07:20:59.498695 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34417 |
vulnerable | 2026-06-08 07:20:59.498062 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34416 |
vulnerable | 2026-06-08 07:20:59.497176 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34409 |
vulnerable | 2026-06-08 07:19:03.020078 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34408 |
vulnerable | 2026-06-08 07:19:03.019614 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34407 |
vulnerable | 2026-06-08 07:19:03.019282 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34406 |
vulnerable | 2026-06-08 07:19:03.018943 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34404 |
vulnerable | 2026-06-08 07:19:03.018541 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34403 |
vulnerable | 2026-06-08 07:19:03.018203 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34402 |
vulnerable | 2026-06-08 07:19:03.017644 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34401 |
vulnerable | 2026-06-08 07:19:03.017293 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34400 |
vulnerable | 2026-06-08 07:19:03.016829 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34399 |
vulnerable | 2026-06-08 07:19:03.016370 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34398 |
vulnerable | 2026-06-08 07:19:03.015883 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34397 |
vulnerable | 2026-06-08 07:19:03.015508 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34396 |
vulnerable | 2026-06-08 07:19:03.014937 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-42136 |
vulnerable | 2026-06-08 05:49:29.511580 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-9280 |
vulnerable | 2026-06-08 05:07:13.507682 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.