Knowledge Base

Get answers to common Axigen administration issues

Axigen 10.x

Axigen Mobile WebMail XSS Vulnerability (CVE-2022-31470)

Jun 7, 2022  •  1 min. read

This vulnerability allows attackers to run arbitrary JavaScript code that, using a logged-in end user's active session, can access and retrieve mailbox content.


Axigen WebAdmin Authentication Bypass Vulnerability (CVE-2020-26942)

Oct 13, 2020  •  1 min. read

This vulnerability allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.


How to Apply a Workaround for the OpenSSL CVE-2016-2107 Vulnerability

May 11, 2016  •  3 min. read

This article describes how to apply a quick workaround so that your server is not vulnerable.


Axigen 8.x

Ajax WebMail 8.X Security Patch (CVE-2015-5379)

Jul 6, 2015  •  2 min. read

Axigen's WebMail Ajax interface implements a view attachment function that executes JavaScript code included in HTML email attachments.

This allows a malicious user to craft email messages that could expose an Axigen Ajax WebMail user to cross-site scripting or other attacks that rely on arbitrary JavaScript code running within a trusted domain.

Axigen versions starting with 9.0 address this issue by limiting the attachment types for which the in-browser preview is available.

For Axigen 8.x versions, we strongly recommend that you download and apply the patch below.
