Vulnerabilities > Afterlogic > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2019-19129 Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail PRO
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
network
low complexity
afterlogic CWE-79
6.1
6.1
2019-09-12 CVE-2019-16238 Cross-site Scripting vulnerability in Afterlogic Aurora
Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.
network
low complexity
afterlogic CWE-79
6.1
6.1
2017-09-19 CVE-2017-14597 Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
network
low complexity
afterlogic CWE-79
4.8
4.8