Vulnerabilities > Axigen > Axigen Mobile Webmail > 10.3.3.0

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2023-49101 Cross-site Scripting vulnerability in Axigen Mobile Webmail
WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates.
network
low complexity
axigen CWE-79
6.1
6.1
2024-02-07 CVE-2023-40355 Cross-site Scripting vulnerability in Axigen Mobile Webmail
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
network
low complexity
axigen CWE-79
5.4
5.4
2022-06-07 CVE-2022-31470 Cross-site Scripting vulnerability in Axigen Mobile Webmail
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
network
low complexity
axigen CWE-79
6.1
6.1