Cyber Resilience

CVE-2022-31470

Medium · Public PoC

Published: 07 June 2022

Published
07 June 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score 0.2601 96.4th percentile
Risk Priority 28 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-31470 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Axigen Mobile WebMail. Its CVSS base score is 6.1 (Medium).

Operationally, it is ranked in the top 3.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-31470 is a cross-site scripting vulnerability (CWE-79) affecting the index_mobile_changepass.hsp reset-password functionality in Axigen Mobile WebMail versions prior to 10.2.3.12 and 10.3.x prior to 10.3.3.47. The flaw permits injection of arbitrary JavaScript that executes in the context of an authenticated user session. It carries a CVSS 3.1 base score of 6.1 with network attack vector, low complexity, no required privileges, required user interaction, and changed scope.

An unauthenticated attacker can deliver a crafted link or page that, once clicked by a logged-in user, runs JavaScript within that active session. Successful exploitation allows the attacker to access and exfiltrate mailbox contents, achieving limited confidentiality and integrity impact without affecting availability.

Vendor advisories direct administrators to upgrade to the fixed releases 10.2.3.12 or 10.3.3.47. The Axigen knowledge-base article for CVE-2022-31470 and the vendor site provide the corresponding patch information and upgrade guidance.

EPSS for the CVE remains at 0.2601 with no material increase after disclosure. Public references include a Packet Storm proof-of-concept listing but no confirmed in-the-wild exploitation reports.

EU & UK References

Vulnerability details

An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

axigen
axigen mobile webmail
10.2.2.0 — 10.2.3.12 · 10.3.3.0 — 10.3.3.47

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-79

Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.

addresses: CWE-79

Validates web inputs to reject script-related content that could produce XSS.

addresses: CWE-79

Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.
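The two controls above (input validation and output encoding) are easiest to see side by side. The following is an added example written for this page; it is not Axigen code and does not reproduce the affected .hsp template. It assumes a hypothetical server-side render of a reset-password form that echoes an `account` request parameter, and uses a constructed probe string to show the difference between concatenating the parameter into the markup (the CWE-79 pattern) and validating it against an allowlist and HTML-encoding it before rendering.

```javascript
// Added example, not Axigen code. The form action, the "account" parameter
// and the account-name allowlist are assumptions for illustration.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Output encoding: neutralise every character that has meaning in an
// HTML text node or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: an account name is expected to be a short token of
// letters, digits and a few punctuation characters; anything else is rejected
// before it reaches the template at all.
function isValidAccountName(value) {
  return typeof value === 'string' && /^[A-Za-z0-9._@-]{1,64}$/.test(value);
}

// "Before": the request parameter is concatenated straight into the markup.
// A value containing a quote and angle brackets can close the attribute and
// inject its own element, which is the CWE-79 weakness class described above.
function renderChangePassVulnerable(account) {
  return (
    '<form action="index_mobile_changepass.hsp" method="post">' +
    `<input name="account" value="${account}">` +
    `<p>Resetting password for ${account}</p>` +
    '</form>'
  );
}

// "After": the same template, but every interpolation goes through escapeHtml,
// so the parameter can only ever be rendered as text.
function renderChangePassHardened(account) {
  const safe = escapeHtml(account);
  return (
    '<form action="index_mobile_changepass.hsp" method="post">' +
    `<input name="account" value="${safe}">` +
    `<p>Resetting password for ${safe}</p>` +
    '</form>'
  );
}

// Request handler combining both controls: reject malformed input with a
// generic message, and encode what is rendered even when validation passed.
function handleChangePassRequest(params) {
  const account = params.account;
  if (!isValidAccountName(account)) {
    return { status: 400, body: '<p>Invalid account name.</p>' };
  }
  return { status: 200, body: renderChangePassHardened(account) };
}

// Regression check a defender can keep in a test suite: the rendered page
// must never contain the raw markup from the input, only its encoded form.
function echoesRawMarkup(html) {
  return /<script\b|<\/script>|<img\b/i.test(html);
}

// Constructed probe string (sample input for this example, not a real payload
// from the advisory): closes the attribute, then opens a script element.
const PROBE = '"><script>alert(1)</script>';

function demo() {
  return {
    vulnerable: renderChangePassVulnerable(PROBE),
    hardened: renderChangePassHardened(PROBE),
    handled: handleChangePassRequest({ account: PROBE }),
    okAccount: handleChangePassRequest({ account: 'alice.smith' }),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const r = demo();
  console.log('vulnerable echoes raw markup:', echoesRawMarkup(r.vulnerable));
  console.log('hardened echoes raw markup:  ', echoesRawMarkup(r.hardened));
  console.log('handler status for probe:    ', r.handled.status);
}
```

Note that encoding is context-specific: `escapeHtml` is correct for HTML text and double-quoted attributes, but a value placed inside a `<script>` block, a URL, or a CSS property needs the encoder for that context instead. Validation alone is also not sufficient, since a field that is legitimately allowed to contain `<` or `"` (a display name, a subject line) still has to be encoded on output.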

References