CNNVD-202510-4414 Information

CNNVD ID

CNNVD-202510-4414

CVE-2025-12460

  • CNNVD Published: 2025-10-31

Description

Afterlogic Aurora is a corporate mail server platform written in PHP by the US company Afterlogic. The platform includes email, file storage, and address book management functions. Afterlogic Aurora 9.8.3 and earlier versions contain a vulnerability that stems from improper handling of JavaScript code in HTML emails, which could lead to a cross-site scripting (XSS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Afterlogic

Published

2025-10-31

Last Modified

2026-02-24

References

https://auroramail.wordpress.com/2025/10/28/xss-vulnerability-in-afterlogic-webmail-and-aurora-corporate/

https://access.redhat.com/security/cve/cve-2025-12460

Patch

https://afterlogic.com/download/aurora
