Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
References
Link | Resource |
---|---|
https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html | Vendor Advisory |
https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html - Vendor Advisory |
14 Feb 2024, 18:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html - Vendor Advisory | |
CPE | cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Axigen
Axigen axigen Mobile Webmail |
07 Feb 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Feb 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-07 08:15
Updated : 2024-11-21 08:19
NVD link : CVE-2023-40355
Mitre link : CVE-2023-40355
CVE.ORG link : CVE-2023-40355
JSON object : View
Products Affected
axigen
- axigen_mobile_webmail
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')