CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-49101
https://notcve.org/view.php?id=CVE-2023-49101
WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. WebAdmin en Axigen 10.3.x anterior a 10.3.3.61, 10.4.x anterior a 10.4.24 y 10.5.x anterior a 10.5.10 permite ataques XSS contra administradores debido al mal manejo de la visualización del uso de certificados SSL. • https://www.axigen.com/kb/show/400 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40355
https://notcve.org/view.php?id=CVE-2023-40355
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. Vulnerabilidad de Cross Site Scripting (XSS) en las versiones de Axigen 10.3.3.0 anteriores a 10.3.3.59, 10.4.0 anteriores a 10.4.19 y 10.5.0 anteriores a 10.5.5, permite a atacantes autenticados ejecutar código arbitrario y obtener información confidencial a través de la lógica de cambiar entre las versiones Standard y Ajax. • https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31470 – Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS
https://notcve.org/view.php?id=CVE-2022-31470
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. Una vulnerabilidad de tipo XSS en la sección index_mobile_changepass.hsp reset-password de Axigen Mobile WebMail versiones anteriores a 10.2.3.12 y 10.3.x anteriores a 10.3.3.47 permite a atacantes ejecutar código Javascript arbitrario que, usando una sesión de usuario final activa (para un usuario conectado), puede acceder y recuperar el contenido del buzón Axigen versions 10.5.0–4370c946 and below suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/51722 http://packetstormsecurity.com/files/174551/Axigen-10.5.0-4370c946-Cross-Site-Scripting.html https://axigen.com https://www.axigen.com/knowledgebase/Axigen-Mobile-WebMail-XSS-Vulnerability-CVE-2022-31470-_390.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •