Vulnerabilities > Icewarp > Mail Server > 10.4.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-25 | CVE-2023-39699 | Path Traversal vulnerability in Icewarp Mail Server 10.4.5 IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. | 9.8 |
| 2023-08-25 | CVE-2023-39700 | Cross-site Scripting vulnerability in Icewarp Mail Server 10.4.5 IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. | 6.1 |
| 2023-07-27 | CVE-2021-36580 | Open Redirect vulnerability in Icewarp Mail Server Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | 6.1 |
| 2020-01-06 | CVE-2019-19265 | Cross-site Scripting vulnerability in Icewarp Mail Server IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | 6.1 |
| 2020-01-06 | CVE-2019-19266 | Cross-site Scripting vulnerability in Icewarp Mail Server IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | 5.4 |
| 2018-09-01 | CVE-2018-16324 | Cross-site Scripting vulnerability in Icewarp Mail Server In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | 6.1 |
| 2018-05-08 | CVE-2015-1503 | Path Traversal vulnerability in Icewarp Mail Server Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. | 7.5 |