CVE-2022-31470

Published: 07/06/2022 Updated: 08/09/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail prior to 10.2.3.12 and 10.3.x prior to 10.3.3.47 allows malicious users to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

Vulnerable Product

axigen axigen mobile webmail

Exploits

Axigen versions 1050–4370c946 and below suffer from a cross site scripting vulnerability ...

Github Repositories

Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS

Exploit Title: Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
Google Dork: inurl:passwordexpired=yes
Date: 2023-08-21
Exploit Author: AmirZargham
Vendor Homepage: www.axigen.com/
Software Link: www.axigen.com/mail-server/download/
Version: (1050–4370c946) and older version of Axigen WebMail
Tested on: firefox,chrome
CVE: CVE-2022-31470
Exploit We u