AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection

AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.

Continue reading...