XSS in Mailenable

CVE-2026-32852

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers ca…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (8.1th percentile) — read the EPSS interpretation.

Affected products

Mailenable — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.mailenable.com/rss/article.asp (vendor-advisory, patch)
karmainsecurity.com/KIS-2026-05 (technical-description, exploit)
mailenable.com/Standard-ReleaseNotes.txt (release-notes)
www.mailenable.com/ (product)
www.vulncheck.com/advisories/mailenable-reflected-xss-via-freebusy-aspx-startda… (third-party-advisory)