
221 matches found

NVD
added 2024/02/07 8:15 a.m. · 23 views

CVE-2023-40355

Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...

CVSS 5.4 · AI score 5.4 · EPSS 0.0109
Exploits: 1 · References: 1

Prion
added 2024/02/07 8:15 a.m. · 17 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...

CVSS 4.9 · AI score 6.3 · EPSS 0.0109
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/02/07 12:0 a.m. · 8 views

PT-2024-13666 · Axigen · Axigen Webmail

Name of the Vulnerable Software and Affected Versions: Axigen WebMail versions prior to 10.3.3.61 Description: The issue allows a remote attacker to escalate privileges via a crafted script to the serverName input parameter. This is a Cross Site Scripting vulnerability. Recommendations: For...

CVSS 9.6 · AI score 9 · EPSS 0.02962
Exploits: 1 · References: 9

Positive Technologies
added 2024/02/07 12:0 a.m. · 6 views

PT-2024-12887 · Axigen · Axigen

Name of the Vulnerable Software and Affected Versions: Axigen versions 10.3.3.0 through 10.3.3.59; Axigen versions 10.4.0 through 10.4.19; Axigen versions 10.5.0 through 10.5.5 Description: The issue is a Cross Site Scripting (XSS) vulnerability that allows authenticated attackers to execute arbitrar...

CVSS 5.4 · AI score 5.4 · EPSS 0.0109
Exploits: 1 · References: 7

CNNVD
added 2024/02/07 12:0 a.m. · 5 views

Axigen Cross-Site Scripting Vulnerability

Axigen is a mail server with groupware and collaboration features from Axigen. A cross-site scripting vulnerability exists in Axigen. An attacker could exploit this vulnerability to execute arbitrary code and obtain sensitive information. The following versions are affected: versions 10.3.3.0...

CVSS 5.4 · AI score 6.7 · EPSS 0.0109
Exploits: 1 · References: 2

CVE
added 2024/02/07 12:0 a.m. · 68 views

CVE-2023-40355

Axigen WebMail contains an XSS vulnerability (CVE-2023-40355) in multiple released lines. Affected are Axigen WebMail server builds: 10.3.3.0–10.3.3.59, 10.4.0–10.4.19, and 10.5.0–10.5.5, where authenticated attackers can exploit the version-switching logic between the Standard and Ajax views to ...

CVSS 5.4 · AI score 5.4 · EPSS 0.0109
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/02/07 12:0 a.m. · 26 views

CVE-2023-40355

Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...

AI score 5.6 · EPSS 0.0109
Exploits: 1 · References: 1

Vulnrichment
added 2024/02/07 12:0 a.m. · 9 views

CVE-2023-40355

Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...

AI score 6.1 · EPSS 0.0109
Exploits: 1 · References: 1

GithubExploit
added 2023/09/13 5:59 a.m. · 355 views

Exploit for Cross-site Scripting in Axigen Axigen_Mobile_Webmail

Exploit Title: Axigen if xhr1.readyState === XMLHttpRe...

CVSS 6.1 · AI score 6.4 · EPSS 0.52088
Exploits: 4

0day.today
added 2023/09/11 12:0 a.m. · 308 views

Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS Vulnerability

Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie, true; xhr2.setRequestHeader'Content-Type', 'application/json';...

CVSS 6.1 · AI score 6.3 · EPSS 0.52088
Exploits: 4

Packet Storm
added 2023/09/08 12:0 a.m. · 288 views

Axigen 10.5.0–4370c946 Cross Site Scripting

Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie...

CVSS 6.1 · AI score 7.1 · EPSS 0.52088
Exploits: 4

Exploit DB
added 2023/09/08 12:0 a.m. · 437 views

Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS

Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie, true; xh...

CVSS 6.1 · AI score 6.3 · EPSS 0.52088
Exploits: 4

OSV
added 2023/01/13 4:15 a.m. · 7 views

CVE-2023-23566

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...

CVSS 9.8 · AI score 5.8 · EPSS 0.00948
Exploits: 0 · References: 4

NVD
added 2023/01/13 4:15 a.m. · 15 views

CVE-2023-23566

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...

CVSS 9.8 · AI score 9.4 · EPSS 0.00948
Exploits: 0 · References: 4

Prion
added 2023/01/13 4:15 a.m. · 14 views

Code injection

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...

CVSS 7.5 · AI score 9.2 · EPSS 0.00948
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2023/01/13 12:0 a.m. · 13 views

CVE-2023-23566

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...

AI score 9.5 · EPSS 0.00948
Exploits: 0 · References: 4

CNNVD
added 2023/01/13 12:0 a.m. · 3 views

Axigen Security Vulnerability

Axigen is a mail server with groupware and collaboration features from Axigen. A security vulnerability exists in Axigen version 10.3.3.52, which stems from a two-step authentication issue that allows an attacker to access mailboxes without any CAPTCHA by bypassing the two-step authentication usi...

CVSS 9.8 · AI score 8.3 · EPSS 0.00948
Exploits: 0 · References: 5

Positive Technologies
added 2023/01/13 12:0 a.m. · 5 views

PT-2023-19046 · Microsoft +1 · Outlook +1

Name of the Vulnerable Software and Affected Versions: Axigen version 10.3.3.52 Description: A 2-Step Verification issue allows an attacker to access a mailbox by bypassing 2-Step Verification when trying to add an account to any third-party webmail service with IMAP or POP3 without any...

CVSS 9.8 · AI score 7.2 · EPSS 0.00948
Exploits: 0 · References: 8

Vulnrichment
added 2023/01/13 12:0 a.m. · 9 views

CVE-2023-23566

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...

AI score 6.8 · EPSS 0.00948
Exploits: 0 · References: 4

CVE
added 2023/01/13 12:0 a.m. · 65 views

CVE-2023-23566

CVE-2023-23566 affects Axigen Mail Server v10.3.3.52, where a flaw in the 2-Step Verification flow allows an attacker to bypass 2FA when adding an account to a third‑party webmail service via IMAP/POP3, enabling mailbox access without a verification code. The underlying issue is bypassing 2FA dur...

CVSS 9.8 · AI score 9.2 · EPSS 0.00948
Exploits: 0 · References: 4 · Affected Software: 1