Knowledge Base

Get answers to common Axigen administration issues

Axigen 10.x

Local Privilege Escalation Vulnerability on Axigen for Windows (CVE-2024-28589)

Apr 1, 2024  •  1 min. read

Learn about the fix for the local privilege escalation vulnerability in Axigen for Windows (CVE-2024-28589) in versions up to 10.5.18, resolved in 10.5.19.

Read article

Axigen WebMail XSS Vulnerability (CVE-2024-25080)

Feb 1, 2024  •  1 min. read

This vulnerability allows attackers to run arbitrary Javascript code, leveraging a logged-in end-user session. This could allow attackers to perform phishing attacks or exfiltrate data from the logged-in account.

Read article

Axigen WebAdmin XSS Vulnerability (CVE-2023-49101)

Nov 20, 2023  •  1 min. read

This vulnerability allows attackers to run arbitrary Javascript code that, using an active admin session (for a logged-in admin), can access the admin interface.

Read article

Axigen WebMail XSS Vulnerability (CVE-2023-40355)

Aug 11, 2023  •  1 min. read

This vulnerability allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

Read article

Axigen Mobile WebMail XSS Vulnerability (CVE-2022-31470)

Jun 7, 2022  •  1 min. read

This vulnerability allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

Read article

Axigen WebAdmin Authentication Bypass Vulnerability (CVE-2020-26942)

Oct 13, 2020  •  1 min. read

This vulnerability allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.

Read article

How to Apply a Workaround for the OpenSSL CVE-2016-2107 Vulnerability

May 11, 2016  •  3 min. read

This article describes how to apply a quick workaround in order to not be vulnerable.

Read article

Axigen 8.x

Ajax WebMail 8.X Security Patch (CVE-2015-5379)

Jul 6, 2015  •  2 min. read

Axigen's WebMail Ajax interface implements a view attachment function that executes the javascript code which is included in email HTML attachments.


This allows a malicious user to craft email messages that could expose an Axigen Ajax WebMail user to cross site scripting or other attacks that rely on arbitrary javascript code running within a trusted domain.


Axigen versions starting with 9.0 address this issue by limiting the attachment types for which the in-browser preview is available.


For Axigen 8.x versions, we strongly recommend you to download & apply the patch below.

Read article

Other Knowledge Base Articles

How to Install WebMail / WebAdmin Patched Pages

Aug 16, 2017  •  2 min. read

This article describes how to install WebMail / WebAdmin patched pages.

Read article

How to Install an Axigen Binary Patch

Aug 16, 2017  •  1 min. read

This article describes how to to install an Axigen binary patch.

Read article

How to Apply Outlook Connector Patch

Mar 28, 2013  •  1 min. read

This article explains the steps necessary to apply Outlook Connecter patch

Read article

Axigen is a premium, scalable, all-in-one Windows & Linux mail server software. A free mail server version is available for personal and lab use, along with the business mail server and the MSP mail server, for Managed Service Providers, which also include features like personal organizer, groupware, AntiVirus, AntiSpam, or advanced security policies. The carrier-class ISP mail server solution completes the Axigen offering and comes with clustering support, delegated administration, extensive APIs, as well as a cloud-native, Kubernetes based deployment option.

Axigen uses cookies. By using our services, you’re agreeing to our Cookie Policy. GOT IT