CVE-2017-14597

Name of the Vulnerable Software and Affected Versions AfterLogic WebMail version 7.7 AfterLogic Aurora version 7.7.5

Description The issue concerns an XSS vulnerability in the AdminPanel of AfterLogic WebMail and Aurora. This vulnerability can be exploited via the txtDomainName field in the adminpanel/modules/pro/inc/ajax.php endpoint during the addition of a domain.

Recommendations For AfterLogic WebMail version 7.7, update to a version that includes a fix for this issue. For AfterLogic Aurora version 7.7.5, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the adminpanel/modules/pro/inc/ajax.php endpoint to minimize the risk of exploitation. Avoid using the txtDomainName field in the affected endpoint until the issue is resolved.