Medium severity6.1NVD Advisory· Published Nov 11, 2024· Updated Apr 15, 2026
CVE-2024-50601
CVE-2024-50601
Description
Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixed in versions 10.3.3.67, 10.4.42, and 10.5.29.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=10.5.28
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.