VYPR
Vendor

Afterlogic

Products
7
CVEs
15
Across products
20
Status
Private

Products

7

Recent CVEs

15
  • CVE-2025-12460MedOct 31, 2025
    risk 0.34cvss epss 0.00

    An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail…

  • CVE-2017-14597MedSep 19, 2017
    risk 0.31cvss 4.8epss 0.01

    AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.

  • CVE-2025-59687MedOct 1, 2025
    risk 0.28cvss 4.3epss 0.00

    IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization.

  • CVE-2021-26294Mar 7, 2021
    risk 0.07cvss epss 0.17

    An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when…

  • CVE-2021-26293Mar 4, 2021
    risk 0.04cvss epss 0.07

    An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x.

  • CVE-2008-0333Jan 17, 2008
    risk 0.04cvss epss 0.12

    Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.

  • CVE-2012-2587Aug 12, 2012
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element.

  • CVE-2009-4743Mar 26, 2010
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.

  • CVE-2009-3365Sep 24, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.

  • CVE-2008-0631Feb 6, 2008
    risk 0.03cvss epss 0.04

    Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method.

  • CVE-2007-5290Oct 9, 2007
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via…

  • CVE-2007-2061Apr 18, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

  • CVE-2023-43176Oct 3, 2023
    risk 0.00cvss epss 0.02

    A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.

  • CVE-2019-19129Nov 26, 2019
    risk 0.00cvss epss 0.01

    Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.

  • CVE-2019-16238Sep 12, 2019
    risk 0.00cvss epss 0.01

    Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.