MailEnable, Reflected Cross-Site Scripting, CVE-2025-34409 (Medium)


How the CVE works:

MailEnable versions before 10.54 have a flaw in /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx: the "Failed" parameter of a GET request is not properly sanitized before being written into the response. An attacker can craft a URL carrying a payload in the Failed parameter; when the victim opens that link, the server reflects the payload into the HTTP response. The payload is designed to break out of the existing HTML markup: it closes an HTML list element so that attacker-controlled JavaScript can be injected, and the remaining original markup is commented out so the injected script runs cleanly.

The result is reflected cross-site scripting (XSS): the script executes in the victim's browser context. Exploitation requires user interaction, since the victim must open the malicious link. A successful attack can redirect the victim to malicious websites, steal cookies that are not flagged HttpOnly, inject arbitrary HTML or CSS, and perform actions as the authenticated user.

The vulnerability sits in the web interface, specifically the AddRecipientsResult.aspx page. It is caused by a lack of input validation: the payload is reflected without output encoding, which enables client-side script injection. The CVSS score indicates medium severity.

Platform: MailEnable
Version: Prior to 10.54
Vulnerability: Reflected XSS
Severity: Medium
Date: 2025-12-09

Prediction: Patch date unknown

What Undercode Says:

Analytics

curl -v "http://target/Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx?Failed=

grep -r "Failed" web_root/

python3 xss_scanner.py --url target_page

How it is exploited:

Craft URL with payload.

Send link to victim.

Victim clicks link.

Script executes in browser.

Steal cookies or redirect.

Protection from this CVE:

Update to version 10.54.

Sanitize user input and HTML-encode it on output.

Implement a Content Security Policy.

Use a web application firewall.
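To make the "reflected without encoding" point concrete, here is an added example (not MailEnable's code and not from the advisory) contrasting a hypothetical page that concatenates the Failed parameter straight into a list item with one that HTML-encodes it first, plus a small regression check that flags any markup break-out; the sample parameter value is constructed.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample value: it tries to close the <li> and add its own tag.
# Harmless on purpose; the point is the extra element, not what it does.
SAMPLE_BREAKOUT_VALUE = "</li><li><b>x</b>"


def failed_param_from_url(url: str) -> str:
    """Extract the Failed query parameter (empty string if absent)."""
    return parse_qs(urlsplit(url).query).get("Failed", [""])[0]


def render_failed_list_vulnerable(failed_value: str) -> str:
    # Defect (hypothetical rendering, not MailEnable's source): the value is
    # written into the markup verbatim, so markup in it becomes real markup.
    return "<ul><li>Failed: " + failed_value + "</li></ul>"


def render_failed_list_hardened(failed_value: str) -> str:
    # Fix: encode for the HTML text context the value lands in.
    # The ASP.NET equivalent is HttpUtility.HtmlEncode.
    return "<ul><li>Failed: " + html.escape(failed_value, quote=True) + "</li></ul>"


class _TagCollector(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def tags_in(rendered: str) -> list[str]:
    """Return the start tags the browser would see in the rendered page."""
    p = _TagCollector()
    p.feed(rendered)
    return p.tags


def markup_breakout(rendered: str, allowed=("ul", "li")) -> bool:
    """True if the page contains any element the template did not emit."""
    return any(t not in allowed for t in tags_in(rendered))
```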

Impact:

Cookie theft.

Redirect to malware.

Session hijacking.

HTML injection.


Sources:

Reported By: nvd.nist.gov
Extra Source Hub: Undercode
