CVE-2025-34398
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: VulnCheck

Description
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a <script> block in the JavaScript variable var sAddrBcc. By supplying a crafted payload that terminates the existing LoadCurAddresses() function, inserts attacker-controlled script, and comments out remaining code, a remote attacker can execute arbitrary JavaScript in a victim’s browser when the victim attempts to send an email. Successful exploitation can redirect victims to malicious sites, steal non-HttpOnly cookies, and perform actions as the authenticated user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34398
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mailenable mailenable *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a reflected cross-site scripting (XSS) issue in MailEnable versions prior to 10.54. It occurs in the AddressesBcc parameter of the /Mondo/lang/sys/Forms/AddressBook.aspx page. The parameter is not properly sanitized when processed via a GET request and is reflected inside a <script> block in a JavaScript variable. An attacker can craft a payload that breaks the existing JavaScript function, injects malicious script, and causes it to execute in the victim's browser when they try to send an email. This allows the attacker to run arbitrary JavaScript code on the victim's browser.

Impact Analysis

Exploitation of this vulnerability can allow an attacker to redirect victims to malicious websites, steal non-HttpOnly cookies, and perform actions on behalf of the authenticated user. This can lead to account compromise, data theft, and unauthorized actions within the affected MailEnable environment.

Detection Guidance

To detect this vulnerability, you can test the /Mondo/lang/sys/Forms/AddressBook.aspx endpoint by sending a crafted GET request with the AddressesBcc parameter containing a payload that attempts to inject JavaScript code. For example, using curl: curl -v "http://<mailenable-server>/Mondo/lang/sys/Forms/AddressBook.aspx?AddressesBcc=<script>alert(1)</script>" and observe if the response reflects the script unsanitized within the JavaScript variable var sAddrBcc. If the script is reflected and executed in a browser, the vulnerability exists. Additionally, monitoring HTTP traffic for suspicious GET requests with unusual AddressesBcc parameter values may help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include upgrading MailEnable to version 10.54 or later, where this vulnerability has been addressed. If upgrading is not immediately possible, consider implementing web application firewall (WAF) rules to block or sanitize requests containing suspicious payloads in the AddressesBcc parameter. Additionally, educate users to be cautious of unexpected redirects or unusual behavior when sending emails, and monitor logs for exploitation attempts. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34398. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart