CVE-2025-34401

Publication date

2025-12-09 18:09:03

Family

VulnCheck

State

PUBLISHED

Description

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a