Lucene search
K

41 matches found

RedhatCVE
RedhatCVE
added 2025/11/01 2:20 p.m.28 views

CVE-2025-12460

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3CVSS6.3AI score0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 3:30 p.m.5 views

EUVD-2025-37359

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3CVSS5.8AI score0.00405EPSS
Exploits0References2
NVD
NVD
added 2025/10/31 2:16 p.m.4 views

CVE-2025-12460

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3CVSS0.00405EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/31 1:53 p.m.4 views

CVE-2025-12460 Stored XSS vulnerability in Afterlogic Aurora webmail

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3CVSS6AI score0.00405EPSS
Exploits0References1
CVE
CVE
added 2025/10/31 1:53 p.m.15 views

CVE-2025-12460

Summary: CVE-2025-12460 describes a Stored XSS vulnerability in Afterlogic Aurora webmail. Affected versions: 9.8.3 and earlier. ** vulnerability mechanism:** an attacker can embed JavaScript in an HTML email via an img tag, which may execute in the recipient’s webmail browser context. Impact (pe...

5.3CVSS6AI score0.00405EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/31 1:53 p.m.9 views

CVE-2025-12460 Stored XSS vulnerability in Afterlogic Aurora webmail

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3CVSS0.00405EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.6 views

PT-2025-44626

Name of the Vulnerable Software and Affected Versions Afterlogic Aurora webmail versions 9.8.3 and below Description A cross-site scripting XSS issue exists in Afterlogic Aurora webmail. An attacker can send a specially crafted HTML email message containing JavaScript within an img HTML tag. This...

5.3CVSS5.8AI score0.00405EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.5 views

Afterlogic Aurora 安全漏洞

Afterlogic Aurora is an enterprise mail server platform written in PHP by Afterlogic Inc. in the United States. The platform includes features such as e-mail, file storage and address book management. A security vulnerability exists in Afterlogic Aurora 9.8.3 and prior versions, which stems from...

5.3CVSS6.1AI score0.00405EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-7045

Malware in sbrugna...

6.1CVSS6.3AI score0.00934EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-47595

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01714EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:40 p.m.5 views

CVE-2021-26293

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

9.8CVSS7.2AI score0.0711EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:22 p.m.10 views

CVE-2021-26294

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files such as a data/settings/settings.xml file containing admin panel credentials, as demonstrated by dav/server.php/files/personal/%2e%2e when using the...

7.5CVSS6.7AI score0.17345EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:59 a.m.12 views

CVE-2019-16238

Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login...

6.1CVSS6.2AI score0.00934EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/23 3:42 p.m.2 views

Malicious code in afterlogic-aurora-platform (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/04/23 3:42 p.m.5 views

MAL-2025-3375 Malicious code in afterlogic-aurora-platform (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-26294

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files such as a data/settings/settings.xml file containing admin panel credentials, as demonstrated by dav/server.php/files/personal/%2e%2e when using the...

7.5CVSS5.8AI score0.17345EPSS
Exploits2References1
OSV
OSV
added 2023/10/03 9:15 p.m.4 views

CVE-2023-43176

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...

8.8CVSS6.1AI score0.01714EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/10/03 9:15 p.m.5 views

CVE-2023-43176

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...

8.8CVSS7.6AI score0.01714EPSS
Exploits1References5
NVD
NVD
added 2023/10/03 9:15 p.m.23 views

CVE-2023-43176

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...

8.8CVSS8.8AI score0.01714EPSS
Exploits1References4
Prion
Prion
added 2023/10/03 9:15 p.m.19 views

Deserialization of untrusted data

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...

6.5CVSS8.8AI score0.01714EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder