CyberSec.Space Logo
Back to CVE Browser

CVE-2015-5379

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile37.71th
PublishedOct 23, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment.

Affected Platforms (CPE)

πŸ“¦
Axigen

Axigen Mail Server

= 8.0
πŸ“¦
Axigen

Axigen Mail Server

= 8.0.1
πŸ“¦
Axigen

Axigen Mail Server

= 8.0.2
πŸ“¦
Axigen

Axigen Mail Server

= 8.0.3
πŸ“¦
Axigen

Axigen Mail Server

= 8.1.0
πŸ“¦
Axigen

Axigen Mail Server

= 8.1.1
πŸ“¦
Axigen

Axigen Mail Server

= 8.1.2
πŸ“¦
Axigen

Axigen Mail Server

= 8.1.3
πŸ“¦
Axigen

Axigen Mail Server

= 8.2.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/132764/Axigen-Cross-Site-Scripting.html
πŸ”— http://www.securityfocus.com/archive/1/536046/100/0/threaded
πŸ”— https://blogs.securiteam.com/index.php/archives/2534
πŸ”— https://www.axigen.com/knowledgebase/Ajax-WebMail-8-x-security-patch-CVE-2015-5379-_341.html
πŸ”— http://packetstormsecurity.com/files/132764/Axigen-Cross-Site-Scripting.html
πŸ”— http://www.securityfocus.com/archive/1/536046/100/0/threaded
πŸ”— https://blogs.securiteam.com/index.php/archives/2534
πŸ”— https://www.axigen.com/knowledgebase/Ajax-WebMail-8-x-security-patch-CVE-2015-5379-_341.html

Related Vulnerabilities

CVE-2008-04349.3

Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code ...

CVE-2020-269429.1

An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to...

CVE-2012-49406.4

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to ...

CVE-2010-34605.0

Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read ar...