Vulnerability Description
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axigen | Axigen Mobile Webmail | >= 10.2.2.0, < 10.2.3.12 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/174551/Axigen-10.5.0-4370c946-Cross-Site-Sc
- https://axigen.comVendor Advisory
- https://www.axigen.com/knowledgebase/Axigen-Mobile-WebMail-XSS-Vulnerability-CVEVendor Advisory
- http://packetstormsecurity.com/files/174551/Axigen-10.5.0-4370c946-Cross-Site-Sc
- https://axigen.comVendor Advisory
- https://www.axigen.com/knowledgebase/Axigen-Mobile-WebMail-XSS-Vulnerability-CVEVendor Advisory
FAQ
What is CVE-2022-31470?
CVE-2022-31470 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code t...
How severe is CVE-2022-31470?
CVE-2022-31470 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31470?
Check the references section above for vendor advisories and patch information. Affected products include: Axigen Axigen Mobile Webmail.