CVE-2025-34409
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mailenable | mailenable | 10.54 |
| mailenable | mailenable | to 10.54 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected cross-site scripting (XSS) issue in MailEnable versions prior to 10.54. It occurs in the Failed parameter of a specific URL endpoint, where the parameter value is not properly sanitized. An attacker can craft a malicious URL that injects arbitrary JavaScript into the response page. When a victim clicks this malicious link, the injected script executes in their browser, potentially allowing the attacker to perform actions such as redirecting the victim to malicious sites, stealing cookies, injecting HTML or CSS, and acting as the authenticated user.
How can this vulnerability impact me? :
The vulnerability can impact you by enabling attackers to execute arbitrary scripts in your browser when you visit a malicious link. This can lead to redirection to malicious websites, theft of non-HttpOnly cookies, injection of arbitrary HTML or CSS, and unauthorized actions performed with your authenticated user privileges, potentially compromising your account and data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows for cross-site scripting that can lead to cookie theft and unauthorized actions as an authenticated user, it could potentially lead to unauthorized access or data breaches, which may affect compliance with data protection regulations. No direct statements about compliance impact are available in the provided text. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you can monitor HTTP GET requests to the /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx endpoint, specifically looking for the 'Failed' parameter containing suspicious or encoded script payloads. Using tools like curl or wget, you can send crafted requests to test if the parameter is reflected unsanitized in the response. For example, a command like: curl -v 'http://your-mailenable-server/Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx?Failed=<script>alert(1)</script>' and inspecting the response for reflected script tags can help identify the vulnerability. Additionally, web vulnerability scanners that detect reflected XSS can be used to automate detection. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade MailEnable to version 10.54 or later, where this vulnerability has been addressed. Until the upgrade can be applied, you should restrict access to the vulnerable endpoint if possible, implement web application firewall (WAF) rules to block malicious payloads targeting the 'Failed' parameter, and educate users to avoid clicking suspicious links. Applying input validation and output encoding on the server side is recommended but requires patching or upgrading the software. [2]