Remote Stored XSS Vulnerability in Afterlogic WebMail Pro and Aurora Products
CVE-2019-19129

6.1MEDIUM

Key Information:

Vendor

Afterlogic

Status
Aurora
Webmail Pro
Vendor
CVE Published:
26 November 2019

What is CVE-2019-19129?

A vulnerability has been identified in Afterlogic WebMail Pro and Afterlogic Aurora, allowing for a Remote Stored XSS attack via the names of attachments. An attacker could exploit this weakness to execute arbitrary JavaScript code in a user's browser when the affected file is accessed, potentially compromising sensitive user information and leading to further security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://afterlogic.com
x_refsource_MISC
https://auroramail.wordpress.com/2019/11/25/vulnerability...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.