Lucene search
+L

221 matches found

Nuclei
Nuclei
added yesterday99 views

Axigen WebMail - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. id:...

5.4CVSS6.1AI score0.01081EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago44 views

Axigen WebMail - Cross-Site Scripting

Axigen WebMail versions 10.5.0-4370c946 and older are vulnerable to reflected XSS via the m parameter in the /index.hsp endpoint. id: CVE-2022-31470 info: name: Axigen WebMail - Cross-Site Scripting author: AmirZargham severity: medium description: | Axigen WebMail versions 10.5.0-4370c946 and...

6.1CVSS6.4AI score0.52088EPSS
Exploits4References3
Nuclei
Nuclei
added 2 days ago31 views

Axigen Mail Server Filename Directory Traversal

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName parameter in an edi...

6.4CVSS6.2AI score0.83632EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.16 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

9CVSS5.4AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.8 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

8.1CVSS5.4AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.10 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS5.7AI score0.00244EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.8 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 5:16 p.m.9 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

9CVSS5.8AI score0.00261EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 5:16 p.m.6 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/02/05 5:16 p.m.10 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS0.00177EPSS
Exploits0References2
OSV
OSV
added 2026/02/05 4:15 p.m.6 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 4:15 p.m.5 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS6.1AI score0.00244EPSS
Exploits1References3
NVD
NVD
added 2026/02/05 4:15 p.m.10 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

8.1CVSS0.0031EPSS
Exploits0References3
NVD
NVD
added 2026/02/05 4:15 p.m.22 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS0.00244EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.12 views

Axigen Mail Server 安全漏洞

Axigen Mail Server is a mail server software developed by Axigen Corporation. Versions of Axigen Mail Server prior to 10.5.57 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the WebAdmin interface. A privileged-free administrative account could...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.7 views

PT-2026-6592

Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57 Description The software contains a stored Cross-Site Scripting XSS issue in how it handles the timeFormat account preference parameter. An attacker can leverage this by injecting a malicious...

5.4CVSS5.6AI score0.00177EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.8 views

Axigen Mail Server 安全漏洞

Axigen Mail Server is a mail server software developed by Axigen Corporation. Versions of Axigen Mail Server prior to 10.5.57 contained security vulnerabilities. These vulnerabilities stemmed from the use of a stored-xss attack during the processing of the timeFormat account preference parameter...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.7 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

9.1CVSS5.4AI score0.0031EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.4 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4AI score0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.3 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

5.5AI score0.00261EPSS
Exploits0References3
Rows per page
Query Builder