Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-49101 | 1 Axigen | 1 Axigen Mobile Webmail | 2024-11-21 | N/A | 6.1 MEDIUM |
WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | |||||
CVE-2023-40355 | 1 Axigen | 1 Axigen Mobile Webmail | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. | |||||
CVE-2022-31470 | 1 Axigen | 1 Axigen Mobile Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. |