Lucene search
K

92 matches found

RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.15 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

9CVSS5.4AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.7 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS5.7AI score0.00244EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.7 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 5:16 p.m.9 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

9CVSS5.8AI score0.00261EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 5:16 p.m.5 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/02/05 5:16 p.m.9 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS0.00177EPSS
Exploits0References2
OSV
OSV
added 2026/02/05 4:15 p.m.4 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS6.1AI score0.00244EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.4 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4AI score0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.3 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

5.5AI score0.00261EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.30 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

0.0031EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/05 12:0 a.m.5 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

5.8AI score0.00244EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.6 views

PT-2026-6592

Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57 Description The software contains a stored Cross-Site Scripting XSS issue in how it handles the timeFormat account preference parameter. An attacker can leverage this by injecting a malicious...

5.4CVSS5.6AI score0.00177EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/05 12:0 a.m.7 views

EUVD-2025-206860

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/05 12:0 a.m.13 views

EUVD-2025-206861

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

5.5AI score0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.27 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

0.00244EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.37 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

0.00261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.6 views

PT-2026-6593

Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57 Description Axigen Mail Server contains multiple stored Cross-Site Scripting XSS issues within the WebAdmin interface. These issues exist in three areas: the log file name parameter on the Local...

5.5AI score0.00261EPSS
Exploits0References4
CVE
CVE
added 2026/02/05 12:0 a.m.24 views

CVE-2025-68722

Axigen Mail Server vulnerable to CSRF in WebAdmin (CVE-2025-68722). Affected: versions before 10.5.57 and 10.6.x before 10.6.26. Issue: improper handling of the _s (breadcrumb) parameter allows GET-based state-changing actions immediately after administrator login by processing base64-encoded com...

8.8CVSS5.8AI score0.00244EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.9 views

PT-2026-6561

Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57 Axigen Mail Server versions 10.6.0 through 10.6.25 Description The software contains a Cross-Site Request Forgery CSRF issue in the WebAdmin interface. This is due to improper handling of the s...

8.8CVSS5.8AI score0.00244EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.27 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

0.00177EPSS
Exploits0References2
Rows per page
Query Builder