Mail Server
by Csm
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-32399 | | Hig | 0.56 | 7.6 | 0.03 | | Apr 22, 2024 | Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. |
| CVE-2024-50601 | | Med | 0.40 | 6.1 | 0.00 | | Nov 11, 2024 | Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a… |
| CVE-2025-68722 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and… |
| CVE-2025-68723 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage… |
| CVE-2025-68643 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the… |
| CVE-2025-68721 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint… |
| CVE-2000-0042 | | | 0.00 | — | 0.03 | | Dec 29, 1999 | Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. |