CNNVD-202512-1237 Information
CNNVD ID
CNNVD-202512-1237
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
MailEnable是澳大利亚MailEnable公司的一个基于 Windows 的商业电子邮件服务器。 MailEnable 10.54之前版本存在跨站脚本漏洞,该漏洞源于/Mondo/lang/sys/Forms/AddressBook.aspx中FieldBcc参数清理不当,可能导致反射型跨站脚本攻击。
Description (English)
MailEnable is a Windows-based commercial e-mail server for MailEnable, Australia. The previous version of MailEnable 10.54 had a cross-site script loophole, which originated in/Mondo/lang/sys/Forms/AddressBook.aspx ’ s inappropriate clean-up of FieldBcc parameters, which could lead to a reflex-type cross-station script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
MailEnable
Published
2025-12-09
Last Modified
2026-02-24
References
https://www.mailenable.com/ https://www.vulncheck.com/advisories/mailenable-reflected-xss-in-fieldbcc-parameter-of-addressbook-aspx https://mailenable.com/Standard-ReleaseNotes.txt https://access.redhat.com/security/cve/cve-2025-34401
Patch
https://mailenable.com/download.asp
Share on: