# N/A
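## Vulnerability Overview
In versions of MailEnable before v10, there is a cross-site scripting (XSS) vulnerability that allows a remote attacker to execute arbitrary code via the failure.aspx component.
## Affected Versions
- Affected versions: MailEnable earlier than v10
## Details
An attacker can trigger the XSS vulnerability by manipulating the failure.aspx component, and thereby execute arbitrary code.
## Impact
This vulnerability may allow an attacker to inject malicious scripts, endangering user security and data privacy.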
| # | POC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-44148.yaml | POC details |
| 2 | A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary JavaScript code via a crafted URL, which is then reflected in the server's response and executed in the context of the user's browser session. | https://github.com/barisbaydur/CVE-2025-44148 | POC details |
Title: Windows Mail Server, Email Server Software, Mail Servers | MailEnable -- 🔗Source link
Tags:
Title: GitHub - barisbaydur/CVE-2025-44148: A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary JavaScript code via a crafted URL, which is then reflected in the server's response and executed in the context of the user's browser session. -- 🔗Source link
Tags: