Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32367
HistoryJul 27, 2015 - 12:00 a.m.

CVE-2015-5379: Axigen XSS vulnerability for html attachments

2015-07-2700:00:00
vulners.com
8
JSON

CVEID: CVE-2015-5379

SUBJECT: Axigen XSS vulnerability for html attachments

DESCRIPTION: Axigen's WebMail Ajax interface implements a view
attachment function that executes javascript code that is part of email
HTML attachments.
This allows a malicious user to craft email messages that could expose
an Axigen WebMail Ajax user to cross site scripting or other attacks
that rely on arbitrary javascript code running within a trusted domain.

Axigen versions starting with 9.0 address this issue by limiting the
attachment types that are loaded in the browser.
For earlier Axigen versions patches are available on the Axigen support
channel.

Affected Products and Versions: Axigen Mail Server [1] 8.x versions

Vendor Internal ID: AXI-CVE-20150601

Vendor security advisory : [2]

Reported by: An anonymous researcher working with Beyond Security's
SecuriTeam Secure Disclosure program [3]

[1] https://www.axigen.com
[2] https://www.axigen.com/knowledgebase/Ajax-WebMail-8-x-security-patch-CVE-2015-5379-_341.html
[3] http://www.beyondsecurity.com/ssd.html

Related

cve 1
prion 1
securityvulns 1
cve
cve
CVE-2015-5379
2017-10-23 18:29:00
prion
prion
Cross site scripting
2017-10-23 18:29:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-07-27 00:00:00
JSON
Related for SECURITYVULNS:DOC:32367
cve1prion1securityvulns1