CVE-2026-32852

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.55

Description The software contains a reflected cross-site scripting issue in the webmail interface. Remote attackers can execute arbitrary JavaScript in a victim’s browser by using a malicious URL. Attackers can inject malicious code through the StartDate parameter in the FreeBusy.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.

Recommendations Update to version 10.55 or later.