Afterlogic Webmail Pro — known CVE vulnerabilities
Every CVE whose affected-product data names Afterlogic Webmail Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-26293 — CVSS 9.8 (critical): An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory…
CVE-2021-26294 — CVSS 7.5 (high): An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files…
CVE-2019-19129 — CVSS 6.1 (medium): Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
CVE-2009-4743 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote…