CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain...

4.8CVSS5.8AI score0.00516EPSS

Exploits1References1

OSV•added 2019/11/26 4:15 p.m.•2 views

CVE-2019-19129

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name...

6.1CVSS6.4AI score0.00802EPSS

Exploits0References2

Prion•added 2019/11/26 4:15 p.m.•14 views

Cross site scripting

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name...

4.3CVSS6AI score0.00802EPSS

Exploits0References2Affected Software2

Cvelist•added 2019/11/26 3:25 p.m.•13 views

CVE-2019-19129

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name...

6AI score0.00802EPSS

Exploits0References2

OSV•added 2017/09/19 7:29 a.m.•3 views

CVE-2017-14597

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain...

4.8CVSS5.8AI score0.00516EPSS

Exploits1References1

NVD•added 2017/09/19 7:29 a.m.•12 views

CVE-2017-14597

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain...

4.8CVSS4.9AI score0.00516EPSS

Exploits1References1

Prion•added 2017/09/19 7:29 a.m.•13 views

Design/Logic Flaw

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain...

3.5CVSS4.8AI score0.00516EPSS

Exploits1References1Affected Software2

Cvelist•added 2017/09/19 7:0 a.m.•13 views

CVE-2017-14597

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain...

4.9AI score0.00516EPSS

Exploits1References1

CVE•added 2017/09/19 7:0 a.m.•59 views

CVE-2017-14597

Affected software: AfterLogic WebMail 7.7 and Aurora 7.7.5; component: AdminPanel via adminpanel/modules/pro/inc/ajax.php. Issue: cross-site scripting (XSS) vulnerability exploitable via the txtDomainName field during domain addition. Root cause: improper handling of input in the AdminPanel domai...

4.8CVSS4.8AI score0.00516EPSS

Exploits1References1Affected Software2

CNVD•added 2017/09/19 12:0 a.m.•2 views

AfterLogic WebMail and Aurora Cross-Site Scripting Vulnerabilities

AfterLogic WebMail and Aurora are both products of AfterLogic, Inc. AfterLogic Aurora is a set of enterprise-class e-mail servers.WebMail is an e-mail client.AdminPanel is one of the back-end management systems. A cross-site scripting vulnerability exists in AfterLogic WebMail version 7.7 and...

4.8CVSS6.4AI score0.00516EPSS

Exploits1References1

Packet Storm•added 2016/05/24 12:0 a.m.•56 views

AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection

ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail...

0.6AI score

Exploits0

0day.today•added 2016/05/24 12:0 a.m.•36 views

AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure (via XXE Injection)

Exploit for asp platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely...

7.1AI score

Exploits0

exploitpack•added 2016/05/24 12:0 a.m.•27 views

AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection

AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection 1. ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro...

0.8AI score

Exploits0

Exploit DB•added 2016/05/24 12:0 a.m.•45 views

AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection

7.4AI score

Exploits0

seebug.org•added 2015/11/24 12:0 a.m.•37 views

AfterLogic WebMail 任意文件包含漏洞

No description provided by source...

7.1AI score

Exploits0

seebug.org•added 2015/11/24 12:0 a.m.•18 views

AfterLogic WebMail settings.xml 信息泄露

No description provided by source...

7.1AI score

Exploits0

Packet Storm•added 2015/03/27 12:0 a.m.•46 views

AfterLogic WebMail Lite Authentication Bypass

AfterLogic WebMail Lite is a free web-based IMAP and SMTP email-client with Ajax interface. AfterLogic WebMail Lite is available for both PHP and ASP.NET platforms. The version of AfterLogic WebMail Lite that is written in PHP is free and open-source software subject to the terms of the Affero...

0.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by