Vulnerabilities > Icewarp > Mail Server

DATE CVE VULNERABILITY TITLE RISK
2020-11-02 CVE-2020-27982 Cross-site Scripting vulnerability in Icewarp Mail Server 11.4.5
IceWarp 11.4.5.0 allows XSS via the language parameter.
network
icewarp CWE-79
4.3
2020-07-15 CVE-2020-14066 Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
network
low complexity
icewarp CWE-434
6.5
2020-07-15 CVE-2020-14065 Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
network
low complexity
icewarp CWE-434
4.0
2020-07-15 CVE-2020-14064 Exposure of Resource to Wrong Sphere vulnerability in Icewarp Mail Server 12.3.0.1
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
network
low complexity
icewarp CWE-668
4.0
2020-01-06 CVE-2019-19265 Cross-site Scripting vulnerability in Icewarp Mail Server
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
network
icewarp CWE-79
4.3
2020-01-06 CVE-2019-19266 Cross-site Scripting vulnerability in Icewarp Mail Server
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
network
icewarp CWE-79
3.5
2019-06-03 CVE-2019-12593 Path Traversal vulnerability in Icewarp Mail Server
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
network
low complexity
icewarp CWE-22
5.0
2018-09-01 CVE-2018-16324 Cross-site Scripting vulnerability in Icewarp Mail Server
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
network
icewarp CWE-79
4.3
2018-06-30 CVE-2018-7475 Cross-site Scripting vulnerability in Icewarp Mail Server 12.0.3
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
network
icewarp CWE-79
4.3
2018-05-08 CVE-2015-1503 Path Traversal vulnerability in Icewarp Mail Server
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) ..
network
low complexity
icewarp CWE-22
7.8