Axigen 10.x
Local Privilege Escalation Vulnerability on Axigen for Windows (CVE-2024-28589)
Apr 1, 2024 • 1 min. read
Learn about the fix for the local privilege escalation vulnerability in Axigen for Windows (CVE-2024-28589) in versions up to 10.5.18, resolved in 10.5.19.
Axigen WebMail XSS Vulnerability (CVE-2024-25080)
Feb 1, 2024 • 1 min. read
This vulnerability allows attackers to run arbitrary JavaScript code, leveraging a logged-in end-user session. This could allow attackers to perform phishing attacks or exfiltrate data from the logged-in account.
Axigen WebAdmin XSS Vulnerability (CVE-2023-49101)
Nov 20, 2023 • 1 min. read
This vulnerability allows attackers to run arbitrary JavaScript code that, using an active admin session (for a logged-in admin), can access the admin interface.
Axigen WebMail XSS Vulnerability (CVE-2023-40355)
Aug 11, 2023 • 1 min. read
This vulnerability allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
Axigen Mobile WebMail XSS Vulnerability (CVE-2022-31470)
Jun 7, 2022 • 1 min. read
This vulnerability allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
Axigen WebAdmin Authentication Bypass Vulnerability (CVE-2020-26942)
Oct 13, 2020 • 1 min. read
This vulnerability allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.
How to Apply a Workaround for the OpenSSL CVE-2016-2107 Vulnerability
May 11, 2016 • 3 min. read
This article describes how to apply a quick workaround so that your server is not vulnerable.
Axigen 8.x
Ajax WebMail 8.X Security Patch (CVE-2015-5379)
Jul 6, 2015 • 2 min. read
Axigen's WebMail Ajax interface implements a view attachment function that executes the JavaScript code included in email HTML attachments.
This allows a malicious user to craft email messages that could expose an Axigen Ajax WebMail user to cross-site scripting or other attacks that rely on arbitrary JavaScript code running within a trusted domain.
Axigen versions starting with 9.0 address this issue by limiting the attachment types for which the in-browser preview is available.
For Axigen 8.x versions, we strongly recommend that you download and apply the patch below.