CVE-2023-40355

MEDIUM NUCLEI

Axigen Mobile Webmail < 10.3.3.59 - XSS

Title source: rule

Description

A cross-site scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5 allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.

Exploits (1)

nomisec SCANNER
by ace-83 · poc
https://github.com/ace-83/CVE-2023-40355

Nuclei Templates (1)

Axigen WebMail - Cross-Site Scripting
MEDIUM · VERIFIED · by amir-h-fallahi
Shodan: http.favicon.hash:-1247684400
FOFA: icon_hash=-1247684400

Scores

CVSS v3 5.4
EPSS 0.1742
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
axigen/axigen_mobile_webmail 10.3.3.0 - 10.3.3.59
Published Feb 07, 2024
Tracked Since Feb 18, 2026