Skip to main content

Mailenable EUVDEUVD-2025-16734

| CVE-2025-44148 CRITICAL
Cross-site Scripting (XSS) (CWE-79)
2025-06-03 cve@mitre.org
9.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:04 euvd
EUVD-2025-16734
Analysis Generated
Mar 14, 2026 - 17:04 vuln.today
PoC Detected
Jun 09, 2025 - 18:04 vuln.today
Public exploit code
CVE Published
Jun 03, 2025 - 16:15 nvd
CRITICAL 9.8

DescriptionCVE.org

Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component

AnalysisAI

XSS in MailEnable before v10 via failure.aspx. EPSS 11.5%. PoC available.

Technical ContextAI

CWE-79.

RemediationAI

Update.

CVE-2012-0389 MEDIUM POC
4.3 Jan 24

Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4

CVE-2019-12924 CRITICAL
9.8 Jul 08

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploite

CVE-2026-32852 MEDIUM POC
5.1 Mar 23

MailEnable versions prior to 10.55 contain a reflected cross-site scripting (XSS) vulnerability in the webmail interface

CVE-2026-32851 MEDIUM POC
5.1 Mar 23

MailEnable versions prior to 10.55 contain a reflected cross-site scripting (XS) vulnerability in the webmail interface

CVE-2026-32850 MEDIUM POC
5.1 Mar 23

MailEnable versions prior to 10.55 contain a reflected cross-site scripting (XSS) vulnerability in the webmail interface

CVE-2019-12926 HIGH
8.8 Jul 08

MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. Rated high sever

CVE-2012-2588 MEDIUM POC
4.3 Sep 19

Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitr

CVE-2019-12925 HIGH
8.1 Jul 08

MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated user

CVE-2019-12923 MEDIUM
6.5 Jul 08

In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not imp

CVE-2019-12927 MEDIUM
6.1 Jul 08

MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Rated med

Share

EUVD-2025-16734 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy