Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/132764/Axigen-Cross-Site-Scripting.html | Third Party Advisory VDB Entry |
| http://www.securityfocus.com/archive/1/536046/100/0/threaded | |
| https://blogs.securiteam.com/index.php/archives/2534 | Third Party Advisory VDB Entry |
| https://www.axigen.com/knowledgebase/Ajax-WebMail-8-x-security-patch-CVE-2015-5379-_341.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-10-23 18:29
Updated : 2024-02-28 16:04
NVD link : CVE-2015-5379
Mitre link : CVE-2015-5379
CVE.ORG link : CVE-2015-5379
JSON object : View
Products Affected
axigen
- axigen_mail_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')