CVE-2026-32850
Reflected XSS in MailEnable Webmail Allows Remote Code Execution
Publication date: 2026-03-23
Last updated on: 2026-03-30
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mailenable | mailenable | prior to 10.55 (10.55 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32850 is a reflected cross-site scripting (XSS) vulnerability found in MailEnable versions prior to 10.55. It occurs in the webmail interface where user input is not properly sanitized before being embedded into dynamically generated JavaScript code.
Specifically, the vulnerability affects the SelectedIndex parameter in the ManageShares.aspx page, allowing attackers to craft malicious URLs that inject arbitrary JavaScript code. When a victim clicks such a URL, the malicious script executes in their browser.
This vulnerability is part of multiple reflected XSS issues in MailEnable, including similar flaws in the FreeBusy.aspx page with the Attendees and StartDate parameters.
How can this vulnerability impact me?
This vulnerability allows remote attackers to execute arbitrary JavaScript in the browsers of users who visit a specially crafted malicious URL.
The impact includes potential session hijacking, data theft, or other malicious actions performed in the context of the victim's browser session.
Because the attack requires user interaction (clicking the malicious link), it can be used in phishing or social engineering campaigns to compromise user accounts or steal sensitive information. [1, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the vulnerable webmail interface endpoints for reflected cross-site scripting (XSS) by injecting malicious payloads into specific GET parameters and observing if the payload is executed in the browser.
- Test the ManageShares.aspx page by crafting a URL with a malicious payload in the SelectedIndex parameter, for example: https://[MailEnable_WebMail]/Mondo/lang/sys/Forms/ManageShares.aspx?SelectedIndex=%27;}alert(%27XSS%27);function%20x(){return%27
- Test the FreeBusy.aspx page by injecting payloads into the Attendees and StartDate parameters, for example: https://[MailEnable_WebMail]/Mondo/lang/sys/Forms/CAL/FreeBusy.aspx?Attendees=%27);}alert(%27XSS%27);function%20x(){return%20x(%27 and https://[MailEnable_WebMail]/Mondo/lang/sys/Forms/CAL/FreeBusy.aspx?StartDate=%27);}alert(%27XSS%27);function%20x(){return%20x(%27
If visiting one of these crafted URLs in a browser produces an alert box or other JavaScript execution, the reflected XSS vulnerability is present.
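On the server side, the same request pattern can be hunted for in web server logs. As an added example (not from the CVE record and not MailEnable's own tooling), the following Python scans constructed IIS-style W3C log lines for requests to the two pages and three parameters named above and flags values that close a JavaScript string literal, which is the shape of the payloads shown. The log field order is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Pages and GET parameters named in this CVE record (MailEnable < 10.55).
WATCHED = {
    "/mondo/lang/sys/forms/manageshares.aspx": {"selectedindex"},
    "/mondo/lang/sys/forms/cal/freebusy.aspx": {"attendees", "startdate"},
}

# The reported payloads close a JavaScript string literal and start a new
# statement ("';}" or "');}"); a raw <script or javascript: is flagged too.
BREAKOUT = re.compile(r"""['"]\s*\)?\s*[;}]|<script|javascript:""", re.I)

# Constructed IIS W3C-style log lines (assumed field order:
# date time cs-method cs-uri-stem cs-uri-query c-ip sc-status).
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2026-03-24 09:12:01 GET /Mondo/lang/sys/Forms/ManageShares.aspx SelectedIndex=2 203.0.113.7 200
2026-03-24 09:12:44 GET /Mondo/lang/sys/Forms/ManageShares.aspx SelectedIndex=%27;}alert(%27XSS%27);function%20x(){return%27 198.51.100.9 200
2026-03-24 09:13:10 GET /Mondo/lang/sys/Forms/CAL/FreeBusy.aspx Attendees=bob@example.com&StartDate=2026-03-25 203.0.113.7 200
2026-03-24 09:13:52 GET /Mondo/lang/sys/Forms/CAL/FreeBusy.aspx StartDate=%27);}alert(%27XSS%27);function%20x(){return%20x(%27 198.51.100.9 200
""".splitlines()

def query_params(query):
    """Split on '&' only (older parse_qs also splits on ';', hiding the ';}'
    breakout) and decode twice so a double-encoded quote (%2527) is seen."""
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        yield unquote_plus(name).lower(), unquote_plus(unquote_plus(value))

def suspicious_params(stem, query):
    """Return the watched parameter names whose decoded value matches BREAKOUT."""
    watched = WATCHED.get(stem.lower())
    if not watched or query in ("", "-"):
        return []
    return [n for n, v in query_params(query) if n in watched and BREAKOUT.search(v)]

def scan_log(lines):
    """Return (time, client ip, page, [params]) for each request that looks like
    an attempt against one of the CVE-2026-32850 parameters."""
    findings = []
    for line in lines:
        if line.startswith("#"):
            continue  # W3C directive line, not a request
        parts = line.split()
        if len(parts) < 7:
            continue  # malformed or truncated line
        date, time, _method, stem, query, ip, _status = parts[:7]
        hits = suspicious_params(stem, query)
        if hits:
            findings.append((f"{date} {time}", ip, stem.rsplit("/", 1)[-1], hits))
    return findings
```

Only the two requests carrying string-breakout values are reported; the benign ManageShares.aspx and FreeBusy.aspx requests from the same pages are not.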
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade MailEnable to version 10.55 or later, where these reflected XSS vulnerabilities have been fixed.
Until the upgrade can be applied, restrict access to the vulnerable webmail interface pages if possible, and educate users to avoid clicking on suspicious or untrusted URLs that could exploit this vulnerability.