Axigen WebMail XSS Vulnerability (CVE-2023-40355)

This vulnerability allows attackers to run arbitrary JavaScript code in the victim's browser and, using that user's active WebMail session (the user must be logged in), access and retrieve mailbox content.

Details

Affected versions: 
Axigen 10.3.3.0-10.3.3.57; fixed starting with 10.3.3.59
Axigen 10.4.0-10.4.18; fixed starting with 10.4.19
Axigen 10.5.0-10.5.4; fixed starting with 10.5.5
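To triage a deployment against the ranges above, the following is an added example (not Axigen's code and not part of this advisory): it encodes the affected ranges and first fixed builds exactly as listed and compares a running version against them component by component. Numeric comparison matters here, because a plain string comparison would sort "10.4.9" after "10.4.18" and misclassify it.

```javascript
// Added example (not Axigen's code): check whether an Axigen build falls in one
// of the affected ranges from this advisory. Dotted versions are compared
// numerically, component by component, so "10.4.9" sorts before "10.4.18".

// Affected ranges and first fixed build, copied from the advisory.
const AFFECTED = [
  { from: "10.3.3.0", to: "10.3.3.57", fixed: "10.3.3.59" },
  { from: "10.4.0",   to: "10.4.18",   fixed: "10.4.19" },
  { from: "10.5.0",   to: "10.5.4",    fixed: "10.5.5" },
];

// Parse "a.b.c[.d]" into an array of integers; reject anything else.
function parseVersion(v) {
  const parts = String(v).trim().split(".");
  if (parts.length === 0 || parts.some((p) => !/^\d+$/.test(p))) {
    throw new Error(`not a dotted numeric version: ${JSON.stringify(v)}`);
  }
  return parts.map(Number);
}

// Comparator semantics (<0, 0, >0). Missing trailing components count as 0,
// so "10.4" compares equal to "10.4.0".
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Returns { affected: true, fixed } when the version is inside a listed range,
// otherwise { affected: false }. Branches the advisory does not list (for
// example 10.3.2.x) are reported as not affected by this advisory only.
function checkAxigenVersion(version) {
  for (const r of AFFECTED) {
    if (compareVersions(version, r.from) >= 0 && compareVersions(version, r.to) <= 0) {
      return { affected: true, fixed: r.fixed };
    }
  }
  return { affected: false };
}

// Usage: node check.js 10.4.9
if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(checkAxigenVersion(process.argv[2] ?? "10.4.9")));
}
```

The check follows the published ranges literally: a build such as 10.3.3.58, which sits between the end of the affected range and the first fixed build, is not listed on either side, so treat such gaps as "confirm with the vendor" rather than as a clean result.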

Vulnerability type: Cross Site Scripting (XSS)

Affected component(s): Axigen WebMail

Prerequisites: An existing valid end-user session (the victim must be logged in to WebMail when the crafted link is opened).

Summary: An XSS vulnerability in the logic that lets users switch between the Standard and Ajax versions of Axigen WebMail allows attackers to run arbitrary JavaScript code. The exploit requires an active end-user session (the user is logged in) and allows the attacker to access and retrieve mailbox content.

Description: To exploit the vulnerability, attackers can send users a phishing email (or another type of message) containing a crafted link. Once the end-user opens the link while holding an active session, the attacker's JavaScript runs in the WebMail origin and can iterate through folders and emails, retrieve them, and send them to a remote endpoint through HTTP calls.
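The following is an added example, not Axigen's code and not derived from the advisory's details: it models the class of bug described above, a page that switches the WebMail UI and reflects an attacker-controlled URL parameter into its HTML, next to a hardened version. The parameter name `view`, the redirect markup and the payload are assumptions for illustration; the advisory does not publish the actual parameter or request.

```javascript
// Added example (not Axigen's code). The "view" parameter and the refresh
// markup are assumed for illustration; the real request is not given here.

// Minimal HTML attribute/text encoder.
function htmlEscape(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Vulnerable pattern: the requested view is concatenated straight into the
// response, so a crafted link can close the attribute and inject a tag.
function renderSwitchVulnerable(view) {
  return `<meta http-equiv="refresh" content="0;url=/webmail/?view=${view}">`;
}

// Hardened pattern: the feature only ever needs two values, so allowlist them
// and fall back to a safe default; HTML-encode what reaches the response anyway.
const VIEWS = new Set(["standard", "ajax"]);
function renderSwitchHardened(view) {
  const v = VIEWS.has(view) ? view : "standard";
  return `<meta http-equiv="refresh" content="0;url=/webmail/?view=${htmlEscape(v)}">`;
}

// Constructed payload of the kind a phishing link could carry (not from the advisory).
const PAYLOAD = '"><script>alert(document.domain)</script>';

// Detection helper used by the demo below: does the rendered HTML carry a
// script tag that the server never intended to emit?
function containsScript(html) {
  return /<script/i.test(html);
}

// Demo: the same input through both handlers.
function demo() {
  return {
    vulnerable: containsScript(renderSwitchVulnerable(PAYLOAD)),
    hardened: containsScript(renderSwitchHardened(PAYLOAD)),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

The allowlist is the real fix: once the only accepted values are the two UI modes, there is nothing for an attacker to reflect, and encoding becomes defence in depth rather than the sole barrier. Because the vector is a link the victim opens while already authenticated, a Content Security Policy that disallows inline scripts would also have limited what injected markup could run.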
Reported by: Amir Hossein Fallahi

Solution

Upgrade now from your WebAdmin to a fixed version: 10.3.3.59, 10.4.19 or 10.5.5 (or later on the respective branch).