CVE-2010-3459
Description
Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AXIGEN Mail Server before 7.4.2 contains a cross-site scripting vulnerability in the Ajax WebMail interface allowing remote attackers to inject arbitrary web script or HTML.
Vulnerability
The vulnerability is a cross-site scripting (XSS) flaw in the Ajax WebMail interface of AXIGEN Mail Server versions prior to 7.4.2. The official description indicates that remote attackers can inject arbitrary web script or HTML via unspecified vectors. The vendor's release notes confirm a "minor XSS vulnerability" was fixed in version 7.4.2 [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted request to the Ajax WebMail interface that includes malicious script or HTML. No authentication is mentioned as required, so it may be exploitable by any remote attacker who can reach the web interface. The exact attack vector is not detailed, but typical XSS exploitation involves tricking a user into interacting with a malicious link or content.
Impact
Successful exploitation allows the attacker to execute arbitrary web script or HTML in the context of the victim's browser session. This could lead to session hijacking, defacement, or theft of sensitive information displayed in the webmail interface. The impact is limited to the browser session and does not directly compromise the server.
Mitigation
The vulnerability is fixed in AXIGEN Mail Server version 7.4.2, released on an unspecified date prior to the CVE publication. Users are strongly recommended to upgrade to version 7.4.2 or later. According to the vendor, only version 6.2.2 and the 7.x products are supported; support for older versions has been discontinued [1]. No workarounds are mentioned.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:gecad:axigen_mail_server:*:*:*:*:*:*:*:* (range: <=7.4.1)
- cpe:2.3:a:gecad:axigen_mail_server:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.2.5:b:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:3.0:beta:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:4.0:beta:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:5.0:beta:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:6.1:beta:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.2:beta:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.3:beta:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:7.4:beta:*:*:*:*:*:*
- cpe:2.3:a:gecad:axigen_mail_server:-:beta3:*:*:*:*:*:*
- Range: <7.4.2
Patches
No patches discovered yet.
References
- www.axigen.com/press/product-releases/axigen-releases-version-742_74.html (nvd; Patch, Vendor Advisory)
- www.vupen.com/english/advisories/2010/2415 (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/43230 (nvd; Exploit)
- secunia.com/advisories/41430 (nvd; Vendor Advisory)
- www.osvdb.org/68026 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/61825 (nvd)