565 matches found
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
PT-2026-6561
Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57 Axigen Mail Server versions 10.6.0 through 10.6.25 Description The software contains a Cross-Site Request Forgery CSRF issue in the WebAdmin interface. This is due to improper handling of the s...
EUVD-2025-206825
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
Axigen Mail Server 安全漏洞
Axigen Mail Server is a mail server software developed by Axigen Corporation. Versions of Axigen Mail Server prior to 10.5.57 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the WebAdmin interface. A privileged-free administrative account could...
Axigen Mail Server 安全漏洞
Axigen Mail Server is a mail server software developed by Axigen Corporation. Versions prior to 10.5.57 and 10.6.26, as well as versions 10.6.x, have security vulnerabilities. These vulnerabilities stem from the WebAdmin interface’s improper handling of the parameter, allowing for cross-site...
CVE-2025-68721
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...
CVE-2025-68723
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
CVE-2025-68721
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
EUVD-2025-206861
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...
CVE-2025-68723
Axigen Mail Server before 10.5.57 contains multiple stored XSS in the WebAdmin interface. The three vulnerable areas are: (1) log file name parameter on the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name paramete...
CVE-2025-68723
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...
Axigen Mail Server 安全漏洞
Axigen Mail Server is a mail server software developed by Axigen Corporation. Versions of Axigen Mail Server prior to 10.5.57 contained security vulnerabilities. These vulnerabilities stemmed from multiple stored-cross-site scripts in the WebAdmin interface. Attackers could inject and execute...
CVE-2025-68721
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...
EUVD-2025-206828
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...
CVE-2025-68722
Axigen Mail Server vulnerable to CSRF in WebAdmin (CVE-2025-68722). Affected: versions before 10.5.57 and 10.6.x before 10.6.26. Issue: improper handling of the _s (breadcrumb) parameter allows GET-based state-changing actions immediately after administrator login by processing base64-encoded com...
CVE-2025-68723
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...
CVE-2023-49101
WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates...