CVE-2023-39223

Published: Mar 18, 2024

Modified: Mar 27, 2025

PUBLISHED

Description

Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser.

Vendor	Product	Versions
A.K.I Software	pmc.exe	affected `2.5.1.720 and earlier`
A.K.I Software	pmam.exe	affected `2.5.1.1411 and earlier`
A.K.I Software	pmum.exe (Standard edition)	affected `2.5.1.25451 and earlier`
A.K.I Software	pmum.exe (Pro edition)	affected `2.5.1.25452 and earlier`
A.K.I Software	pmum.exe (Standard + IMAP4 edition)	affected `2.5.1.25453 and earlier`
A.K.I Software	pmum.exe (Pro + IMAP4 edition / Enterprise edition)	affected `2.5.1.25454 and earlier`

References

https://akisoftware.com/Vulnerability202301.html

https://jvn.jp/en/jp/JVN92720882/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-39223

Description

Affected Products

References