← back
CVE-2022-31470

CVE-2022-31470

EPSS 52.1%
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/174551/Axigen-10.5.0-4370c946-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51722unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/174551/Axigen-10.5.0-4370c946-Cross-Site-Scripting.htmlhttps://axigen.comhttps://www.axigen.com/knowledgebase/Axigen-Mobile-WebMail-XSS-Vulnerability-CVE-2022-31470-_390.html