41 matches found
CVE-2025-12460
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
EUVD-2025-37359
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2025-12460
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2025-12460 Stored XSS vulnerability in Afterlogic Aurora webmail
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2025-12460
Summary: CVE-2025-12460 describes a Stored XSS vulnerability in Afterlogic Aurora webmail. Affected versions: 9.8.3 and earlier. ** vulnerability mechanism:** an attacker can embed JavaScript in an HTML email via an img tag, which may execute in the recipient’s webmail browser context. Impact (pe...
CVE-2025-12460 Stored XSS vulnerability in Afterlogic Aurora webmail
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
PT-2025-44626
Name of the Vulnerable Software and Affected Versions Afterlogic Aurora webmail versions 9.8.3 and below Description A cross-site scripting XSS issue exists in Afterlogic Aurora webmail. An attacker can send a specially crafted HTML email message containing JavaScript within an img HTML tag. This...
Afterlogic Aurora 安全漏洞
Afterlogic Aurora is an enterprise mail server platform written in PHP by Afterlogic Inc. in the United States. The platform includes features such as e-mail, file storage and address book management. A security vulnerability exists in Afterlogic Aurora 9.8.3 and prior versions, which stems from...
EUVD-2019-7045
Malware in sbrugna...
EUVD-2023-47595
Malicious code in bioql PyPI...
CVE-2021-26293
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...
CVE-2021-26294
An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files such as a data/settings/settings.xml file containing admin panel credentials, as demonstrated by dav/server.php/files/personal/%2e%2e when using the...
CVE-2019-16238
Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login...
Malicious code in afterlogic-aurora-platform (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-3375 Malicious code in afterlogic-aurora-platform (npm)
--- -= Per source details. Do not edit below this line.=-...
VulnCheck KEV: CVE-2021-26294
An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files such as a data/settings/settings.xml file containing admin panel credentials, as demonstrated by dav/server.php/files/personal/%2e%2e when using the...
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...
Deserialization of untrusted data
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...