CVE Catalog
CVE-2025-44148
CriticalCVSS 9.8Exploitation Probability (EPSS)
Very high risk49.70%
99th percentile - higher than 99% of all known CVEs
Summary
Cross Site Scripting (XSS) vulnerability in MailEnable before version 10 allows a remote attacker to execute arbitrary code via the failure.aspx component.
Risk Assessment
An attacker can inject malicious scripts, leading to session theft, user account compromise, or malware distribution within the organization.
Recommendation
Immediately upgrade MailEnable to version 10 or later and implement input filtering on the failure.aspx component.
Original NVD description (English source)
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component

