Axigen Mobile Webmail

axigen_mobile_webmail

Vendor: Axigen • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49101 1Axigen 1Axigen Mobile Webmail Jun 17, 2025 Feb 8, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates.
CVE-2023-40355 1Axigen 1Axigen Mobile Webmail Jun 17, 2025 Feb 7, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive inform...Show more Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.Show less
CVE-2022-31470 1Axigen 1Axigen Mobile Webmail Nov 21, 2024 Jun 7, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active...Show more An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.Show less