6 matches found
CVE-2022-31470
An XSS vulnerability in the indexmobilechangepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session for a logged-in user, can access and retrieve mailbox content...
Linux Distros Unpatched Vulnerability : CVE-2025-5986
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without promptin...
CVE-2022-31470
An XSS vulnerability in the indexmobilechangepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session for a logged-in user, can access and retrieve mailbox content...
Cross site scripting
An XSS vulnerability in the indexmobilechangepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session for a logged-in user, can access and retrieve mailbox content...
PT-2022-20748 · Axigen · Axigen Mobile Webmail
Name of the Vulnerable Software and Affected Versions: Axigen Mobile WebMail versions prior to 10.2.3.12 Axigen Mobile WebMail versions 10.3.x prior to 10.3.3.47 Description: The issue allows attackers to run arbitrary Javascript code, using an active end-user session for a logged-in user, to...
CVE-2022-31470
An XSS vulnerability in the indexmobilechangepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session for a logged-in user, can access and retrieve mailbox content...