GCVE - cpe:2.3:a:afterlogic:webmail_pro:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:afterlogic:webmail_pro:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Afterlogic (`9dd7f5df-4ffb-51fb-89bf-599392077f38`)
Product	Webmail Pro (`c7454606-6e6a-51b0-b726-f9531a79ec1c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/afterlogic/webmail-pro-8`	purl2cpe	2026-06-01 10:16:50.451591

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-26294`	vulnerable	2026-06-08 05:30:42.172207	Details available An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password). Published: 2021-03-07T03:42:34.000Z Updated: 2024-08-03T20:19:20.346Z Open on db.gcve.eu Reference links https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26293`	vulnerable	2026-06-08 05:30:42.171531	Details available An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x. Published: 2021-03-04T20:32:44.000Z Updated: 2024-08-03T20:19:20.256Z Open on db.gcve.eu Reference links https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4743`	vulnerable	2026-06-08 04:51:49.462770	Details available Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters. Published: 2010-03-26T20:00:00.000Z Updated: 2024-08-07T07:17:25.422Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/53672 http://www.gardienvirtuel.com/fichiers/documents/publications/GVI_2009-01_EN.txt http://www.securityfocus.com/bid/36605 http://secunia.com/advisories/36964 http://osvdb.org/58712	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.