Vulnerabilities > Afterlogic
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-03 | CVE-2023-43176 | Deserialization of Untrusted Data vulnerability in Afterlogic Aurora Files 9.7.3 A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. | 8.8 |
2021-03-07 | CVE-2021-26294 | Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. | 7.5 |
2021-03-04 | CVE-2021-26293 | Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. | 9.8 |
2019-11-26 | CVE-2019-19129 | Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail PRO Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. | 6.1 |
2019-09-12 | CVE-2019-16238 | Cross-site Scripting vulnerability in Afterlogic Aurora Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. | 6.1 |
2017-09-19 | CVE-2017-14597 | Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. | 4.8 |