Vulnerability Details CVE-2023-40355
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.267
EPSS Ranking 96.1%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-40355
-
cpe:2.3:a:axigen:axigen_mobile_webmail:10.3.3.0
-
cpe:2.3:a:axigen:axigen_mobile_webmail:10.3.3.46
-
cpe:2.3:a:axigen:axigen_mobile_webmail:10.3.3.47
-
cpe:2.3:a:axigen:axigen_mobile_webmail:10.3.3.57
-
cpe:2.3:a:axigen:axigen_mobile_webmail:10.4.0
-
cpe:2.3:a:axigen:axigen_mobile_webmail:10.4.18
-
cpe:2.3:a:axigen:axigen_mobile_webmail:10.5.0
-
cpe:2.3:a:axigen:axigen_mobile_webmail:10.5.4