CVE-2022-31470

MEDIUM NUCLEI

Axigen Mobile WebMail <10.2.3.12 & <10.3.3.47 - XSS

Title source: llm

Description

An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

Exploits (1)

exploitdb WORKING POC

by AmirZargham · textwebappsmultiple

https://www.exploit-db.com/exploits/51722

View Code ZIP pw:eip

Nuclei Templates (1)

Axigen WebMail - Cross-Site Scripting

MEDIUMby AmirZargham

Shodan: title:"Axigen"

FOFA: title="Axigen"

References (3)

[Vendor Advisory] https://axigen.com

[Vendor Advisory] https://www.axigen.com/knowledgebase/Axigen-Mobile-WebMail-XSS-Vulnerability-CVE-2022-31470-_390.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/174551/Axigen-10.5.0-4370c946-Cross-Site-Scripting.html

Scores

CVSS v3 6.1

EPSS 0.2601

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

axigen/axigen_mobile_webmail 10.2.2.0 - 10.2.3.12

Published Jun 07, 2022

Tracked Since Feb 18, 2026