Vulnerabilities > Afterlogic

DATE CVE VULNERABILITY TITLE RISK
2023-10-03 CVE-2023-43176 Deserialization of Untrusted Data vulnerability in Afterlogic Aurora Files 9.7.3
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
network
low complexity
afterlogic CWE-502
8.8
2021-03-07 CVE-2021-26294 Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO
An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9.
network
low complexity
afterlogic CWE-22
7.5
2021-03-04 CVE-2021-26293 Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled.
network
low complexity
afterlogic CWE-22
critical
9.8
2019-11-26 CVE-2019-19129 Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail PRO
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
network
low complexity
afterlogic CWE-79
6.1
2019-09-12 CVE-2019-16238 Cross-site Scripting vulnerability in Afterlogic Aurora
Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.
network
low complexity
afterlogic CWE-79
6.1
2017-09-19 CVE-2017-14597 Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
network
low complexity
afterlogic CWE-79
4.8