CVE-2025-12460— Stored XSS vulnerability in Afterlogic Aurora webmail

Stored XSS vulnerability in Afterlogic Aurora webmail

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and access user data.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Afterlogic Aurora 安全漏洞

Afterlogic Aurora是美国Afterlogic公司的一套使用PHP语言编写的企业邮件服务器平台。该平台包括电子邮箱、文件存储和地址簿管理等功能。 Afterlogic Aurora 9.8.3及之前版本存在安全漏洞，该漏洞源于未正确处理HTML电子邮件中的JavaScript代码，可能导致跨站脚本攻击。

N/A

N/A