Skip to content

Instantly share code, notes, and snippets.

@mariuszpoplawski
Created June 24, 2020 14:40
Show Gist options
  • Save mariuszpoplawski/34f53a93a8d93c4d81bde2c08bffb575 to your computer and use it in GitHub Desktop.
Save mariuszpoplawski/34f53a93a8d93c4d81bde2c08bffb575 to your computer and use it in GitHub Desktop.
CVE-2019-19129 - Remote Stored XSS in attachment’s name
------------------------------------------
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
Afterlogic blog post:
https://auroramail.wordpress.com/2019/11/25/vulnerability-closed-in-webmail-and-aurora-remote-stored-xss-in-attachments-name/
Mariusz Popłwski / AFINE.com team
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment