CVE-2025-12460 – Stored XSS vulnerability in Afterlogic Aurora webmail

CVE ID : CVE-2025-12460

Published : Oct. 31, 2025, 2:16 p.m. | 1 hour, 10 minutes ago

Description : An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user’s browser window, and access user data.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…