Skip to main content

Webmail Pro

3 CVEs product

Monthly

CVE-2021-26294 HIGH POC THREAT This Week

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora Webmail Pro
NVD GitHub
CVSS 3.1
7.5
EPSS
16.9%
CVE-2021-26293 CRITICAL POC Act Now

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora Webmail Pro
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2019-19129 MEDIUM This Month

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aurora Webmail Pro
NVD
CVSS 3.1
6.1
EPSS
0.8%
EPSS 17% CVSS 7.5
HIGH POC THREAT This Week

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Aurora +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aurora Webmail Pro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy