
CVSS: 9.6 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. Cross-site scripting vulnerability in Axigen WebMail v.10.5.7 and earlier allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.

• https://www.exploit-db.com/exploits/51963
• https://github.com/vinnie1717/CVE-2023-48974
• https://www.axigen.com/mail-server/download
• https://www.axigen.com/updates/axigen-10.3.3.61
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.

• https://github.com/umz-cert/vulnerabilities/issues/1
• https://github.com/umz-cert/vulnerabilitys/blob/patch-1/Axigen%20Mail%20Server%2010.3.3.52%202-Step%20verification
• https://www.axigen.com/documentation/2-step-verification-two-factor-authentication-for-webmail-p69140479
• https://www.axigen.com/mail-server/download

CVSS: 5.4 | EPSS: 0% | CPEs: 9 | EXPL: 0

Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment.

• http://packetstormsecurity.com/files/132764/Axigen-Cross-Site-Scripting.html
• http://www.securityfocus.com/archive/1/536046/100/0/threaded
• https://blogs.securiteam.com/index.php/archives/2534
• https://www.axigen.com/knowledgebase/Ajax-WebMail-8-x-security-patch-CVE-2015-5379-_341.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 3

Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. Axigen Mail Server version 8.0.1 suffers from a stored cross site scripting vulnerability.

• https://www.exploit-db.com/exploits/20348
• http://osvdb.org/84526
• http://www.exploit-db.com/exploits/20348
• http://www.securityfocus.com/bid/54899
• https://exchange.xforce.ibmcloud.com/vulnerabilities/77515
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')