CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 2CVE-2023-48974 – Axigen < 10.5.7 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-48974
08 Feb 2024 — Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. Vulnerabilidad de cross-site scripting en Axigen WebMail v.10.5.7 y anteriores permite a un atacante remoto escalar privilegios a través de un script manipulado al parámetro serverName_input. • https://www.exploit-db.com/exploits/51963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23566
https://notcve.org/view.php?id=CVE-2023-23566
13 Jan 2023 — A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code. Un problema de verificación en dos pasos en Axigen 10.3.3.52 permite a un atacante acceder a un buzón omitiendo la verificación en dos pasos cuando intenta agregar una cuenta a cualquier servicio de correo web de terceros (o agr... • https://github.com/umz-cert/vulnerabilities/issues/1 • CWE-276: Incorrect Default Permissions •