Knowledge Base

Get answers to common Axigen administration issues

Axigen 10.x

Axigen WebAdmin Stored XSS Vulnerabilities (CVE-2025-68723)

Feb 5, 2026  •  1 min. read

Multiple stored XSS vulnerabilities in Axigen WebAdmin enable privilege escalation attacks. Update to 10.5.57 or 10.6.26.


Axigen WebAdmin CSRF Vulnerability (CVE-2025-68722)

Feb 5, 2026  •  1 min. read

CSRF vulnerability in Axigen WebAdmin allows attackers to execute admin actions via malicious links. Update to 10.5.57 or 10.6.26.


Axigen WebAdmin Improper Access Control Vulnerability (CVE-2025-68721)

Feb 5, 2026  •  1 min. read

Improper access control in Axigen WebAdmin allows zero-permission admins to manage SSL certificates. Update to 10.5.57 or 10.6.26.


Axigen WebMail Stored XSS Vulnerability (CVE-2025-68643)

Feb 4, 2026  •  1 min. read

Stored XSS vulnerability in Axigen WebMail timeFormat parameter enables credential theft via multi-stage attack. Update to 10.5.57 or 10.6.26.


Axigen WebMail Persistent and Reflected XSS Vulnerabilities (CVE-2024-50601)

Nov 6, 2024  •  1 min. read

Persistent XSS in Axigen WebMail (CVE-2024-50601) allows JavaScript injection via cookies and parameters. Update to 10.3.3.67 / 10.4.42 / 10.5.29 to remediate.


Local Privilege Escalation Vulnerability on Axigen for Windows (CVE-2024-28589)

Apr 1, 2024  •  1 min. read

Learn about the fix for the local privilege escalation vulnerability in Axigen for Windows (CVE-2024-28589) in versions up to 10.5.18, resolved in 10.5.19.


Axigen WebMail XSS Vulnerability (CVE-2024-25080)

Feb 1, 2024  •  1 min. read

This vulnerability allows attackers to run arbitrary JavaScript code, leveraging a logged-in end-user session. This could allow attackers to perform phishing attacks or exfiltrate data from the logged-in account.


Axigen WebAdmin XSS Vulnerability (CVE-2023-49101)

Nov 20, 2023  •  1 min. read

This vulnerability allows attackers to run arbitrary JavaScript code that, using an active admin session (for a logged-in admin), can access the admin interface.


Axigen WebMail XSS Vulnerability (CVE-2023-40355)

Aug 11, 2023  •  1 min. read

This vulnerability allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.


Axigen Mobile WebMail XSS Vulnerability (CVE-2022-31470)

Jun 7, 2022  •  1 min. read

This vulnerability allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.


Axigen WebAdmin Authentication Bypass Vulnerability (CVE-2020-26942)

Oct 13, 2020  •  1 min. read

This vulnerability allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.


How to Apply a Workaround for the OpenSSL CVE-2016-2107 Vulnerability

May 11, 2016  •  3 min. read

This article describes how to apply a quick workaround to avoid being vulnerable.
