CVE-2025-34404

Publication date

2025-12-09 18:07:47

Family

VulnCheck

State

PUBLISHED

Description

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a