
CVE-2024-28589
https://notcve.org/view.php?id=CVE-2024-28589
03 Apr 2024 — An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before that allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.
An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and earlier, which allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a directory ...
• https://github.com/Alaatk/CVE-2024-28589 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2020-26942
https://notcve.org/view.php?id=CVE-2020-26942
06 Mar 2024 — An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.
An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the ...
• https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Authentication-Bypass-Vulnerability-CVE-2020-26942-_387.html • CWE-284: Improper Access Control •

CVE-2023-48974 – Axigen < 10.5.7 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-48974
08 Feb 2024 — Cross-site scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.
Cross-site scripting vulnerability in Axigen WebMail v.10.5.7 and earlier allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.
• https://www.exploit-db.com/exploits/51963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-49101
https://notcve.org/view.php?id=CVE-2023-49101
08 Feb 2024 — WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates.
WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against administrators due to mishandling of the display of SSL certificate usage.
• https://www.axigen.com/kb/show/400 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-40355
https://notcve.org/view.php?id=CVE-2023-40355
07 Feb 2024 — Cross-site scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5 allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
Cross-site scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5 allows authenticated attackers to execute arbitrary code ...
• https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-23566
https://notcve.org/view.php?id=CVE-2023-23566
13 Jan 2023 — A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add ...
• https://github.com/umz-cert/vulnerabilities/issues/1 • CWE-276: Incorrect Default Permissions •

CVE-2022-31470 – Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS
https://notcve.org/view.php?id=CVE-2022-31470
07 Jun 2022 — An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail versions before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run ...
• https://packetstorm.news/files/id/174551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-5379 – Axigen Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-5379
21 Jul 2015 — Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment.
Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server in versions before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment.
Axigen's WebMail Ajax interface implements a view ...
• http://packetstormsecurity.com/files/132764/Axigen-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-2592 – Axigen Mail Server 8.0.1 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2592
18 Jun 2014 — Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
XSS vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
• https://www.exploit-db.com/exploits/20348 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •