Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixed in versions 10.3.3.67, 10.4.42, and 10.5.29.
Metrics
Affected Vendors & Products
References
History
Tue, 12 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Axigen
Axigen axigen Mail Server |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:axigen:axigen_mail_server:-:*:*:*:*:*:*:* | |
Vendors & Products |
Axigen
Axigen axigen Mail Server |
|
Metrics |
cvssV3_1
|
Mon, 11 Nov 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixed in versions 10.3.3.67, 10.4.42, and 10.5.29. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-11T00:00:00
Updated: 2024-11-12T15:54:01.976Z
Reserved: 2024-10-27T00:00:00
Link: CVE-2024-50601
Vulnrichment
Updated: 2024-11-12T15:53:55.736Z
NVD
Status : Awaiting Analysis
Published: 2024-11-11T23:15:05.763
Modified: 2024-11-12T16:35:22.810
Link: CVE-2024-50601
Redhat
No data.