CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 2CVE-2023-48974 – Axigen < 10.5.7 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-48974
08 Feb 2024 — Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. Vulnerabilidad de cross-site scripting en Axigen WebMail v.10.5.7 y anteriores permite a un atacante remoto escalar privilegios a través de un script manipulado al parámetro serverName_input. • https://www.exploit-db.com/exploits/51963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2015-5379 – Axigen Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-5379
21 Jul 2015 — Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment. Vulnerabilidad Cross-Site Scripting (XSS) en actions.hsp en la interfaz de Ajax WebMail en AXIGEN Mail Server en versiones anteriores a la 9.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un archivo adjunto en un correo. Axigen's WebMail Ajax interface implements a view ... • http://packetstormsecurity.com/files/132764/Axigen-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •