Multiple stored Cross-Site Scripting (XSS) vulnerabilities in Axigen WebAdmin allow low-privileged administrators to inject malicious JavaScript that executes in the context of high-privileged administrator sessions, enabling complete privilege escalation within the administrative interface.
Details
Affected versions:
Axigen 10.3.x, 10.4.x, 10.5.x up to 10.5.56; fixed starting with 10.5.57
Axigen 10.6.x up to 10.6.25; fixed starting with 10.6.26
Vulnerability type: Stored Cross-Site Scripting (XSS)
Affected component(s): Axigen WebAdmin
Prerequisites: The attacker must have a delegated admin account with permissions to access one of the affected pages.
Description:
Three stored XSS vulnerabilities exist in the WebAdmin interface:
- Local Services Log (Logging → Local Services Log): a JavaScript payload placed in a log file name is stored and executes when an administrator opens the page.
- SSL Certificates View Usage (Security & Filtering → SSL Certificates → View Usage): an uploaded certificate file containing JavaScript executes when an administrator uses the "View Usage" feature.
- WebMail Listeners SSL settings (Services → WebMail → Listeners): a JavaScript payload in the Certificate File name field is stored and executes during SSL configuration of the listener.
Because the payloads are stored server-side, they run in the browser of every administrator who later opens the affected page. A low-privileged (delegated) administrator can therefore have a high-privileged administrator's session perform arbitrary WebAdmin actions on the attacker's behalf, such as granting full permissions to an attacker-controlled account, changing system configuration, or reading sensitive data.
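All three issues share one root cause: an attacker-controlled string (a log file name, a certificate file, a certificate file name) is written into WebAdmin's HTML without output encoding. The following is an added illustration of that pattern and its fix; it is not Axigen code and does not reproduce the actual WebAdmin templates. The file names are constructed samples, and renderRowVulnerable, renderRowSafe, escapeHtml and containsInjectedMarkup are hypothetical helper names chosen for the example.

```javascript
// Added example, not from Axigen: stored-XSS via an untrusted file name,
// shown as the vulnerable rendering beside the escaped rendering.

// Constructed sample input: file names as a delegated admin could supply them.
const SAMPLE_NAMES = [
  "webmail.log",
  '<img src=x onerror="alert(document.cookie)">.log',
];

// Vulnerable pattern: the stored name is concatenated straight into markup,
// so any tag inside it becomes part of the page for every viewer.
function renderRowVulnerable(name) {
  return `<tr><td>${name}</td></tr>`;
}

// Minimal HTML entity encoding, safe for element text and for
// double- or single-quoted attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: encode on output, at the point the string enters HTML.
function renderRowSafe(name) {
  return `<tr><td>${escapeHtml(name)}</td></tr>`;
}

// Review/unit-test check: after removing the tags the template itself emits,
// does any raw angle bracket remain? If so, untrusted markup leaked through.
function containsInjectedMarkup(html) {
  const stripped = html.replace(/<\/?(?:tr|td)>/g, "");
  return /[<>]/.test(stripped);
}

// Stand-alone demonstration.
for (const name of SAMPLE_NAMES) {
  console.log("vulnerable:", renderRowVulnerable(name),
              "injected:", containsInjectedMarkup(renderRowVulnerable(name)));
  console.log("safe:      ", renderRowSafe(name),
              "injected:", containsInjectedMarkup(renderRowSafe(name)));
}
```

In a browser-side template the equivalent fix is to assign the name with `textContent` (or a framework binding that encodes by default) rather than `innerHTML`; the point is the same, encode on output rather than trying to validate file names on input, since the same stored value may be rendered in several pages.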
Reported by: Osman Can Vural
Solution
Update to 10.5.57 or 10.6.26 (or later) from your WebAdmin. Until the update is applied, restrict delegated admin permissions for the three affected pages, and review recently added log file names, uploaded certificate files and listener certificate file names for unexpected markup.