CVE-2023-48974 – Axigen < 10.5.7 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-48974
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. Vulnerabilidad de cross-site scripting en Axigen WebMail v.10.5.7 y anteriores permite a un atacante remoto escalar privilegios a través de un script manipulado al parámetro serverName_input. • https://www.exploit-db.com/exploits/51963 https://github.com/vinnie1717/CVE-2023-48974 https://www.axigen.com/mail-server/download https://www.axigen.com/updates/axigen-10.3.3.61 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-5379
https://notcve.org/view.php?id=CVE-2015-5379
Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment. Vulnerabilidad Cross-Site Scripting (XSS) en actions.hsp en la interfaz de Ajax WebMail en AXIGEN Mail Server en versiones anteriores a la 9.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un archivo adjunto en un correo. • http://packetstormsecurity.com/files/132764/Axigen-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/536046/100/0/threaded https://blogs.securiteam.com/index.php/archives/2534 https://www.axigen.com/knowledgebase/Ajax-WebMail-8-x-security-patch-CVE-2015-5379-_341.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2592 – Axigen Mail Server 8.0.1 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2592
Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. Vulnerabilidad de XSS en Axigen Mail Server 8.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del cuerpo de un email. Axigen Mail Server version 8.0.1 suffers from a stored cross site scripting vulnerability. • https://www.exploit-db.com/exploits/20348 http://osvdb.org/84526 http://www.exploit-db.com/exploits/20348 http://www.securityfocus.com/bid/54899 https://exchange.xforce.ibmcloud.com/vulnerabilities/77515 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •