XSS Vulnerability in Ajax WebMail Interface of AXIGEN Mail Server
CVE-2015-5379

5.4MEDIUM

Key Information:

Vendor

Axigen

Status
Axigen Mail Server
Vendor
CVE Published:
23 October 2017

What is CVE-2015-5379?

A cross-site scripting (XSS) vulnerability exists in the Ajax WebMail interface of AXIGEN Mail Server prior to version 9.0. This flaw allows remote attackers to exploit the system by injecting malicious web scripts or HTML through email attachments. Successful exploitation could allow attackers to execute arbitrary code in the context of the user's browser, potentially compromising sensitive user data and system integrity. Organizations using affected versions should prioritize applying security patches to mitigate the risk associated with this vulnerability.

References

https://www.axigen.com/knowledgebase/Ajax-WebMail-8-x-sec...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/132764/Axigen-Cross-...
x_refsource_MISC
http://www.securityfocus.com/archive/1/536046/100/0/threaded
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.