Primary

Context

Afterlogic Aurora Webmail and Corporate XSS Vulnerability

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability exists in Afterlogic Aurora Webmail and Aurora Corporate versions through 9.8.3. The issue allows remote attackers to execute arbitrary JavaScript in the context of the user's browser by sending a crafted HTML email with JavaScript embedded in an image tag. This could lead to unauthorized access to user data.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can execute malicious scripts in the context of the user's session.

Remediation

Users can update to Afterlogic Aurora Webmail version 9.8.4 or later, or apply the provided patch to their existing installation. Instructions for manually applying the fix are also available.

Added: Oct 31, 2025, 2:19 PM

Updated: Oct 31, 2025, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

7.9

remediation

7.7

relevance

0.8

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

7.9

remediation

7.7

relevance

0.8

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Afterlogic Aurora Webmail and Corporate XSS Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Afterlogic Aurora

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating