CVE-2025-34404

UNKNOWN 0.0

MailEnable < 10.54 Reflected XSS in InstanceScope Parameter of CAL/compose.aspx

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a <script> block in the JavaScript variable var gInstanceScope. By supplying a crafted payload that terminates the existing PageLoad() function, inserts attacker-controlled script, and comments out remaining code, a remote attacker can execute arbitrary JavaScript in a victim’s browser. Successful exploitation can redirect victims to malicious sites, steal non-HttpOnly cookies, inject arbitrary HTML or CSS, and perform actions as the authenticated user.

CWE	CWE-79
Vendor	mailenable
Product	mailenable
Published	Dec 9, 2025
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for mailenable mailenable

Be the first to know when new unknown vulnerabilities affecting mailenable mailenable are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MailEnable / MailEnable

0 < 10.54

References

NVD ↗ CVE.org ↗ EPSS Data ↗

mailenable.com: https://mailenable.com/Standard-ReleaseNotes.txt mailenable.com: https://www.mailenable.com/ vulncheck.com: https://www.vulncheck.com/advisories/mailenable-reflected-xss-in-instancescope-parameter-of-cal-compose-aspx

Credits

MushroomSecTeam (Spotify, AmirSUN, M30Brad, Hannah Green, av01t3x, PG)