Axigen 10.2.2.0-10.2.3.11; fixed starting with 10.2.3.12
Axigen 10.3.3.0-10.3.3.46; fixed starting with 10.3.3.47
Vulnerability type: Cross-Site Scripting (XSS)
Affected component(s): Axigen Mobile WebMail
Prerequisites: An existing valid end-user session.
Upgrade now from your WebAdmin.
If you are unable to upgrade your Axigen deployment, you can apply a manual workaround: rename the index_mobile_changepass.hsp file to a name that the Axigen server cannot run (e.g. remove the extension by renaming it to index_mobile_changepass).