CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-5379

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile37.71th
Published2017年10月23日
Last Modified2026年5月13日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment.

Affected Platforms (CPE)

📦
Axigen

Axigen Mail Server

= 8.0
📦
Axigen

Axigen Mail Server

= 8.0.1
📦
Axigen

Axigen Mail Server

= 8.0.2
📦
Axigen

Axigen Mail Server

= 8.0.3
📦
Axigen

Axigen Mail Server

= 8.1.0
📦
Axigen

Axigen Mail Server

= 8.1.1
📦
Axigen

Axigen Mail Server

= 8.1.2
📦
Axigen

Axigen Mail Server

= 8.1.3
📦
Axigen

Axigen Mail Server

= 8.2.0

References & Advisories

🔗 http://packetstormsecurity.com/files/132764/Axigen-Cross-Site-Scripting.html
🔗 http://www.securityfocus.com/archive/1/536046/100/0/threaded
🔗 https://blogs.securiteam.com/index.php/archives/2534
🔗 https://www.axigen.com/knowledgebase/Ajax-WebMail-8-x-security-patch-CVE-2015-5379-_341.html
🔗 http://packetstormsecurity.com/files/132764/Axigen-Cross-Site-Scripting.html
🔗 http://www.securityfocus.com/archive/1/536046/100/0/threaded
🔗 https://blogs.securiteam.com/index.php/archives/2534
🔗 https://www.axigen.com/knowledgebase/Ajax-WebMail-8-x-security-patch-CVE-2015-5379-_341.html

相關漏洞威脅

CVE-2008-04349.3

Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code ...

CVE-2020-269429.1

An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to...

CVE-2012-49406.4

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to ...

CVE-2010-34605.0

Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read ar...