Axigen Mail Server@* Security Vulnerabilities and Issues — Axigen Mail Server@* CVE List

Lucene search

AxigenAxigen Mail Server*

4 matches found

CVE•added 2024/02/08 1:15 a.m.•65 views

CVE-2023-48974

Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.

9.6CVSS8.9AI score0.04957EPSS

CVE•added 2024/03/21 2:36 a.m.•45 views

CVE-2020-26942

An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.

9.1CVSS7.2AI score0.00211EPSS

CVE•added 2024/04/03 8:15 a.m.•44 views

CVE-2024-28589

An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.

6.7CVSS7.9AI score0.00087EPSS

CVE•added 2024/11/11 11:15 p.m.•41 views

CVE-2024-50601

Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixed...

6.1CVSS6.8AI score0.00048EPSS