Vulnerabilities > Afterlogic > Webmail PRO

DATE CVE VULNERABILITY TITLE RISK
2021-03-07 CVE-2021-26294 Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO
An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9.
network
low complexity
afterlogic CWE-22
5.0
5.0
2021-03-04 CVE-2021-26293 Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled.
network
afterlogic CWE-22
6.8
6.8
2019-11-26 CVE-2019-19129 Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail PRO
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
network
afterlogic CWE-79
4.3
4.3
2010-03-26 CVE-2009-4743 Cross-Site Scripting vulnerability in Afterlogic Webmail PRO 4.5
Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.
network
afterlogic CWE-79
4.3
4.3