CRITICAL🇵🇱 Wersja polska

CVE-2025-44148

CVSS 9.8v3.1pub. 2025-06-03upd. 2026-07-05

Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component

🤖 AI Analysis
How it works

An attacker exploits the vulnerable failure.aspx component, to which it is possible to submit a malicious payload without authentication and without user interaction on the server side. The injected XSS code is then executed in the context of the application, which according to the description can lead to arbitrary code execution (RCE). The attack is possible remotely over the network, without special privileges or complex conditions.

Impact

An attacker can execute arbitrary code in the context of the application or victim's browser, potentially leading to system takeover, data theft, or further lateral movement in the network.

Mitigation & patch

MailEnable should be updated to version 10 or newer according to vendor information available at mailenable.com

Who is affected

MailEnable in all versions before version 10

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mailenable

    APP
    Mailenable
    < 10.00
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEXSS
CWE
References

Related vulnerabilities

CVE-2019-12924CRITICAL9.8ten sam produkt

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could b...

CVE-2015-9277CRITICAL9.1ten sam produkt

MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, an...

CVE-2015-9278CRITICAL9.8ten sam produkt

MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of...

CVE-2015-9280CRITICAL10.0ten sam produkt

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

CVE-2026-44400HIGH8.7ten sam produkt

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdm...