PT-2019-15773 · Afterlogic · Afterlogic Webmail Pro+1

Mariusz Popławski

Published

2019-11-26

Updated

2019-12-09

CVE-2019-19129

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Afterlogic WebMail Pro version 8.3.11 Afterlogic Aurora version 8.3.11

Description The issue allows for Remote Stored XSS via an attachment name.

Recommendations For Afterlogic WebMail Pro version 8.3.11, update to a version that fixes the issue. For Afterlogic Aurora version 8.3.11, update to a version that fixes the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-19129

Affected Products

Afterlogic Aurora

Afterlogic Webmail Pro

PT-2019-15773 · Afterlogic · Afterlogic Webmail Pro+1

CVE-2019-19129

Weakness Enumeration

Related Identifiers

Affected Products

References · 4