CVE-2025-34406 in MailEnableinfo

Zusammenfassung

von MITRE • 09.12.2025

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a <script> block in the response. By supplying a crafted payload that terminates an existing JavaScript function, inserts attacker-controlled script, and comments out remaining code, a remote attacker can execute arbitrary JavaScript in a victim’s browser when the victim opens a malicious link. Successful exploitation can redirect victims to malicious sites, steal cookies not protected by HttpOnly, inject arbitrary HTML or CSS, and perform actions as the authenticated user.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

15.04.2025

Veröffentlichung

09.12.2025

Moderieren

akzeptiert

Eintrag

VDB-335495

CPE

bereit

EPSS

0.00011

KEV

nein

Aktivitäten

very low

Sektor

Finance, Police, ...

Quellen

MITREhttps://www.cve.org/CVERecord?id=CVE-2025-34406
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2025-34406
CVE Detailshttps://www.cvedetails.com/cve/CVE-2025-34406/

ZurückÜbersichtWeiter

Want to stay up to date on a daily basis?

Enable the mail alert feature now!