CVE-2022-31470

MEDIUM NUCLEI

Axigen Mobile WebMail <10.2.3.12 & <10.3.3.47 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31470. PoCs published by AmirZargham. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Axigen WebMail versions prior to 10.3.3.47 and 10.2.3.12. It uses a malicious link to execute JavaScript, which then exfiltrates user emails via an out-of-band server.

Description

An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

Exploits (1)

exploitdb WORKING POC
by AmirZargham · textwebappsmultiple
https://www.exploit-db.com/exploits/51722

This exploit demonstrates a reflected XSS vulnerability in Axigen WebMail versions prior to 10.3.3.47 and 10.2.3.12. It uses a malicious link to execute JavaScript, which then exfiltrates user emails via an out-of-band server.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Axigen WebMail < 10.3.3.47, 10.2.3.12
No auth needed
Prerequisites: Victim must click on a malicious link · Attacker must host exploit code on a remote server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Axigen WebMail - Cross-Site Scripting
MEDIUMby AmirZargham
Shodan: title:"Axigen"
FOFA: title="Axigen"

References (3)

Core 3

Scores

CVSS v3 6.1
EPSS 0.2601
EPSS Percentile 96.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
axigen/axigen_mobile_webmail 10.2.2.0 - 10.2.3.12
Published Jun 07, 2022
Tracked Since Feb 18, 2026