Knowledge Base

Get answers to common Axigen administration issues

Axigen 10.x

Axigen WebMail Persistent and Reflected XSS Vulnerabilities (CVE-2024-50601)

Nov 6, 2024  •  1 min. read

Persistent XSS in Axigen WebMail (CVE-2024-50601) allows JavaScript injection via cookies and parameters. Update to 10.3.3.67 / 10.4.42 / 10.5.29 to fix the issue.

Local Privilege Escalation Vulnerability on Axigen for Windows (CVE-2024-28589)

Apr 1, 2024  •  1 min. read

Learn about the fix for the local privilege escalation vulnerability in Axigen for Windows (CVE-2024-28589) in versions up to 10.5.18, resolved in 10.5.19.

Axigen WebMail XSS Vulnerability (CVE-2024-25080)

Feb 1, 2024  •  1 min. read

This vulnerability allows attackers to run arbitrary JavaScript code, leveraging a logged-in end-user session. This could allow attackers to perform phishing attacks or exfiltrate data from the logged-in account.

Axigen WebAdmin XSS Vulnerability (CVE-2023-49101)

Nov 20, 2023  •  1 min. read

This vulnerability allows attackers to run arbitrary JavaScript code that, using an active admin session (for a logged-in admin), can access the admin interface.

Axigen WebMail XSS Vulnerability (CVE-2023-40355)

Aug 11, 2023  •  1 min. read

This vulnerability allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

Axigen Mobile WebMail XSS Vulnerability (CVE-2022-31470)

Jun 7, 2022  •  1 min. read

This vulnerability allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

Axigen WebAdmin Authentication Bypass Vulnerability (CVE-2020-26942)

Oct 13, 2020  •  1 min. read

This vulnerability allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.

How to Apply a Workaround for the OpenSSL CVE-2016-2107 Vulnerability

May 11, 2016  •  3 min. read

This article describes how to apply a quick workaround to avoid being vulnerable.

Axigen 8.x

Ajax WebMail 8.X Security Patch (CVE-2015-5379)

Jul 6, 2015  •  2 min. read

Axigen's WebMail Ajax interface implements a view attachment function that executes the JavaScript code included in email HTML attachments.

This allows a malicious user to craft email messages that could expose an Axigen Ajax WebMail user to cross-site scripting or other attacks that rely on arbitrary JavaScript code running within a trusted domain.

Axigen versions starting with 9.0 address this issue by limiting the attachment types for which the in-browser preview is available.

For Axigen 8.x versions, we strongly recommend that you download and apply the patch below.
