CVE-2022-31470 – Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS

https://notcve.org/view.php?id=CVE-2022-31470

07 Jun 2022 — An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. Una vulnerabilidad de tipo XSS en la sección index_mobile_changepass.hsp reset-password de Axigen Mobile WebMail versiones anteriores a 10.2.3.12 y 10.3.x anteriores a 10.3.3.47 permite a atacantes ejecutar có... • https://packetstorm.news/files/id/174551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •