Vulnerabilities > Afterlogic > Aurora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-07 | CVE-2021-26294 | Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. | 5.0 |
| 2021-03-04 | CVE-2021-26293 | Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. | 6.8 |
| 2019-11-26 | CVE-2019-19129 | Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail PRO Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. | 4.3 |
| 2019-09-12 | CVE-2019-16238 | Cross-site Scripting vulnerability in Afterlogic Aurora 8.3.9 Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. | 4.3 |
| 2017-09-19 | CVE-2017-14597 | Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. | 3.5 |