Axigen Axigen Mail Server — known CVE vulnerabilities
Every CVE whose affected-product data names Axigen Axigen Mail Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-23566 — CVSS 9.8 (critical): A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to…
CVE-2023-48974 — CVSS 9.6 (critical): Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted…
CVE-2020-26942 — CVSS 9.1 (critical): An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a…
CVE-2025-68723 — CVSS 9.0 (critical): Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three…
CVE-2025-68722 — CVSS 8.8 (high): Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin…
CVE-2025-68721 — CVSS 8.1 (high): Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account…
CVE-2015-5379 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote…
CVE-2025-68643 — CVSS 5.4 (medium): Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter…
CVE-2012-2592 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the…