Cross-Site Scripting Vulnerability in Axigen Mobile WebMail
CVE-2022-31470

6.1MEDIUM

Key Information:

Vendor: Axigen
Status: Axigen Mobile Webmail
Vendor: CVE Published:; 7 June 2022

What is CVE-2022-31470?

An XSS vulnerability exists in the reset-password section of Axigen Mobile WebMail that allows attackers to execute arbitrary JavaScript code within the context of a user's active session. This exploit can enable unauthorized access to sensitive mailbox content, posing significant risks to user privacy and security. Users running versions earlier than 10.2.3.12 and 10.3.x prior to 10.3.3.47 are particularly vulnerable and should consider applying the latest security updates to mitigate this threat.

References

https://axigen.com

https://www.axigen.com/knowledgebase/Axigen-Mobile-WebMai...

http://packetstormsecurity.com/files/174551/Axigen-10.5.0...

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 7, 2022
Vulnerability Reserved
May 23, 2022