Lucene search
K

92 matches found

RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.13 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

9CVSS5.4AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.6 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS5.7AI score0.00244EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.7 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 5:16 p.m.8 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

9CVSS5.8AI score0.00261EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 5:16 p.m.5 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/02/05 5:16 p.m.8 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS0.00177EPSS
Exploits0References2
OSV
OSV
added 2026/02/05 4:15 p.m.3 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS6.1AI score0.00244EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.26 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.28 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

0.0031EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/05 12:0 a.m.4 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

5.8AI score0.00244EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.4 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4AI score0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.3 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

5.5AI score0.00261EPSS
Exploits0References3
CVE
CVE
added 2026/02/05 12:0 a.m.15 views

CVE-2025-68721

Axigen Mail Server prior to version 10.5.57 is affected by an improper access control in the WebAdmin interface. A delegated admin account with zero permissions can bypass access checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts), enabling viewing, dow...

8.1CVSS5.4AI score0.0031EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.6 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

9.1CVSS5.4AI score0.0031EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.9 views

PT-2026-6561

Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57 Axigen Mail Server versions 10.6.0 through 10.6.25 Description The software contains a Cross-Site Request Forgery CSRF issue in the WebAdmin interface. This is due to improper handling of the s...

8.8CVSS5.8AI score0.00244EPSS
Exploits1References6
EUVD
EUVD
added 2026/02/05 12:0 a.m.3 views

EUVD-2025-206860

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/05 12:0 a.m.12 views

EUVD-2025-206861

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

5.5AI score0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.26 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

0.00244EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.27 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6560

Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57 Description Axigen Mail Server contains an improper access control issue in the WebAdmin interface. A delegated admin account with no permissions can bypass access control checks and gain unauthoriz...

8.1CVSS5.4AI score0.0031EPSS
Exploits0References8
Rows per page
Query Builder