[KIS-2026-05] MailEnable <= 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities
Summary: MailEnable 10.54 and earlier contain multiple reflected cross-site scripting (XSS) vulnerabilities, caused by parameters of the ManageShares.aspx and FreeBusy.aspx pages not being properly filtered. An attacker can use them to inject malicious script. Upgrading to version 10.55 or later is recommended. Posted 2026-3-29 03:10:41, via seclists.org


Full Disclosure mailing list archives


From: Egidio Romano <n0b0d13s () gmail com>
Date: Mon, 23 Mar 2026 17:35:58 +0100

---------------------------------------------------------------------------
MailEnable <= 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities
---------------------------------------------------------------------------


[-] Software Link:

https://www.mailenable.com


[-] Affected Versions:

Version 10.54 and prior versions.


[-] Vulnerabilities Description:

1) Vulnerable code in ManageShares.aspx

User input passed through the "SelectedIndex" GET parameter to the
/Mondo/lang/sys/Forms/ManageShares.aspx page is not properly sanitized
before being used to generate JavaScript code, allowing an attacker to
break out of the existing function and inject arbitrary JavaScript.
This can be exploited by attackers to perform Reflected Cross-Site
Scripting (XSS) attacks.

Proof of Concept:
https://[MailEnable_WebMail]/Mondo/lang/sys/Forms/ManageShares.aspx?SelectedIndex=%27;}alert(%27XSS%27);function%20x(){return%27

An attacker can use a crafted link like the one above to trick a
victim user into issuing a request containing a malicious payload. The
application reflects unsanitized input into JavaScript code, enabling
execution of arbitrary script in the victim's browser.

2) Vulnerable code in FreeBusy.aspx

User input passed through the "Attendees" GET parameter to the
/Mondo/lang/sys/Forms/CAL/FreeBusy.aspx page is not properly sanitized
before being used to generate JavaScript code, allowing an attacker to
break out of the existing function and inject arbitrary JavaScript.
This can be exploited by attackers to perform Reflected Cross-Site
Scripting (XSS) attacks.

Proof of Concept:
https://[MailEnable_WebMail]/Mondo/lang/sys/Forms/CAL/FreeBusy.aspx?Attendees=%27);}alert(%27XSS%27);function%20x(){return%20x(%27

An attacker can use a crafted link like the one above to trick a
victim user into issuing a request containing a malicious payload. The
application reflects unsanitized input into JavaScript code, enabling
execution of arbitrary script in the victim's browser.

3) Vulnerable code in FreeBusy.aspx

User input passed through the "StartDate" GET parameter to the
/Mondo/lang/sys/Forms/CAL/FreeBusy.aspx page is not properly sanitized
before being used to generate JavaScript code, allowing an attacker to
break out of the existing function and inject arbitrary JavaScript.
This can be exploited by attackers to perform Reflected Cross-Site
Scripting (XSS) attacks.

Proof of Concept:
https://[MailEnable_WebMail]/Mondo/lang/sys/Forms/CAL/FreeBusy.aspx?StartDate=%27);}alert(%27XSS%27);function%20x(){return%20x(%27

An attacker can use a crafted link like the one above to trick a
victim user into issuing a request containing a malicious payload. The
application reflects unsanitized input into JavaScript code, enabling
execution of arbitrary script in the victim's browser.
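All three findings share one bug class: a request parameter is pasted into a JavaScript function body, and a value containing a quote closes the string and the function. The following added example (not MailEnable's code; the server-side template `function x(){return '...';}` is an assumption inferred from the first PoC payload) contrasts the naive concatenation with a JavaScript-string encoder that turns every non-alphanumeric character into a `\uXXXX` escape, the same idea as .NET's HttpUtility.JavaScriptStringEncode, and checks that the rendered script is still a single string literal.

```python
import json
import re

# Constructed input: the SelectedIndex PoC payload from the advisory, URL-decoded.
PAYLOAD = "';}alert('XSS');function x(){return'"

# Assumed shape of the generated script; the real MailEnable template is not on the page.
TEMPLATE = "function x(){return '%s';}"


def render_vulnerable(value: str) -> str:
    """Naive concatenation: a quote in `value` terminates the literal and the function."""
    return TEMPLATE % value


def js_string_encode(value: str) -> str:
    """Encode `value` for use inside a JS string literal.

    Everything except ASCII letters, digits and space becomes \\uXXXX, so neither
    quotes, backslashes, braces, `</script>` nor U+2028/U+2029 survive unescaped.
    Characters above U+FFFF are written as a UTF-16 surrogate pair, as JS expects.
    """
    out = []
    for ch in value:
        cp = ord(ch)
        if cp < 0x80 and (ch.isalnum() or ch == " "):
            out.append(ch)
        elif cp > 0xFFFF:
            cp -= 0x10000
            out.append("\\u%04x\\u%04x" % (0xD800 + (cp >> 10), 0xDC00 + (cp & 0x3FF)))
        else:
            out.append("\\u%04x" % cp)
    return "".join(out)


def render_hardened(value: str) -> str:
    """Same template, but the value is encoded before it is embedded."""
    return TEMPLATE % js_string_encode(value)


# A rendered script is safe only if the literal body consists solely of
# alphanumerics, spaces and \uXXXX escapes: nothing else can close the literal.
_SINGLE_LITERAL = re.compile(r"function x\(\)\{return '(?:[A-Za-z0-9 ]|\\u[0-9a-f]{4})*';\}")


def is_single_literal(script: str) -> bool:
    return _SINGLE_LITERAL.fullmatch(script) is not None


def round_trips(value: str) -> bool:
    """The \\uXXXX form is also valid JSON, so json.loads shows the encoding is lossless."""
    return json.loads('"%s"' % js_string_encode(value)) == value
```

Running `render_vulnerable(PAYLOAD)` yields two statements (the original function plus the injected call); `render_hardened(PAYLOAD)` yields one function that simply returns the payload as text.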


[-] Solution:

Upgrade to version 10.55 or later.


[-] Disclosure Timeline:

[24/02/2026] - Vendor notified

[02/03/2026] - Vendor released version 10.55, including fixes for
these vulnerabilities

[02/03/2026] - CVE identifier requested

[23/03/2026] - Public disclosure


[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.org) has not
assigned a CVE identifier for these vulnerabilities.


[-] Credits:

Vulnerabilities discovered by Egidio Romano.


[-] Other References:

https://www.mailenable.com/rss/article.asp?Source=RSSADMIN&ID=MAILENABLEVERSION1055


[-] Original Advisory:

https://karmainsecurity.com/KIS-2026-05
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/



Source: https://seclists.org/fulldisclosure/2026/Mar/15