221 matches found
CVE-2023-40355
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...
PT-2024-13666 · Axigen · Axigen Webmail
Name of the Vulnerable Software and Affected Versions: Axigen WebMail versions prior to 10.3.3.61. Description: The issue allows a remote attacker to escalate privileges via a crafted script to the serverName input parameter. This is a Cross Site Scripting vulnerability. Recommendations: For...
PT-2024-12887 · Axigen · Axigen
Name of the Vulnerable Software and Affected Versions: Axigen versions 10.3.3.0 through 10.3.3.59; Axigen versions 10.4.0 through 10.4.19; Axigen versions 10.5.0 through 10.5.5. Description: The issue is a Cross Site Scripting (XSS) vulnerability that allows authenticated attackers to execute arbitrar...
Axigen Cross-Site Scripting Vulnerability
Axigen is a mail server with groupware and collaboration features from Axigen. A cross-site scripting vulnerability exists in Axigen. An attacker could exploit this vulnerability to execute arbitrary code and obtain sensitive information. The following versions are affected: versions 10.3.3.0...
CVE-2023-40355
Axigen WebMail contains an XSS vulnerability (CVE-2023-40355) in multiple released lines. Affected are Axigen WebMail server builds: 10.3.3.0–10.3.3.59, 10.4.0–10.4.19, and 10.5.0–10.5.5, where authenticated attackers can exploit the version-switching logic between the Standard and Ajax views to ...
CVE-2023-40355
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...
CVE-2023-40355
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...
Exploit for Cross-site Scripting in Axigen Axigen_Mobile_Webmail
Exploit Title: Axigen if xhr1.readyState === XMLHttpRe...
Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS Vulnerability
Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie, true; xhr2.setRequestHeader'Content-Type', 'application/json';...
Axigen 10.5.0–4370c946 Cross Site Scripting
Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie...
Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie, true; xh...
CVE-2023-23566
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...
CVE-2023-23566
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...
Code injection
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...
CVE-2023-23566
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...
Axigen Security Vulnerability
Axigen is a mail server with groupware and collaboration features from Axigen. A security vulnerability exists in Axigen version 10.3.3.52, which stems from a two-step authentication issue that allows an attacker to access mailboxes without any CAPTCHA by bypassing the two-step authentication usi...
PT-2023-19046 · Microsoft +1 · Outlook +1
Name of the Vulnerable Software and Affected Versions: Axigen version 10.3.3.52. Description: A 2-Step Verification issue allows an attacker to access a mailbox by bypassing 2-Step Verification when trying to add an account to any third-party webmail service with IMAP or POP3 without any...
CVE-2023-23566
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...
CVE-2023-23566
CVE-2023-23566 affects Axigen Mail Server v10.3.3.52, where a flaw in the 2-Step Verification flow allows an attacker to bypass 2FA when adding an account to a third‑party webmail service via IMAP/POP3, enabling mailbox access without a verification code. The underlying issue is bypassing 2FA dur...