Vulnerabilities > Afterlogic

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-03	CVE-2023-43176	Deserialization of Untrusted Data vulnerability in Afterlogic Aurora Files 9.7.3 A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. network low complexity afterlogic CWE-502	8.8
2021-03-07	CVE-2021-26294	Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. network low complexity afterlogic CWE-22	5.0
2021-03-04	CVE-2021-26293	Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. network afterlogic CWE-22	6.8
2019-11-26	CVE-2019-19129	Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail PRO Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. network afterlogic CWE-79	4.3
2019-09-12	CVE-2019-16238	Cross-site Scripting vulnerability in Afterlogic Aurora 8.3.9 Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. network afterlogic CWE-79	4.3
2017-09-19	CVE-2017-14597	Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. network afterlogic CWE-79	3.5
2012-08-12	CVE-2012-2587	Cross-Site Scripting vulnerability in Afterlogic Mailsuite PRO 6.3 Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element. network afterlogic CWE-79	4.3
2010-03-26	CVE-2009-4743	Cross-Site Scripting vulnerability in Afterlogic Webmail PRO 4.5 Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters. network afterlogic CWE-79	4.3
2008-02-06	CVE-2008-0631	Improper Input Validation vulnerability in Afterlogic Mailbee Objects 5.5 Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method. network afterlogic CWE-20	4.3
2007-10-09	CVE-2007-5290	Cross-Site Scripting vulnerability in Afterlogic Mailbee Webmail Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode. network afterlogic CWE-79	4.3

Vulnerabilities > Afterlogic {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Afterlogic"}]}

Vulnerabilities > Afterlogic