Vulnerabilities > Icewarp > Mail Server > 11.4.4

DATE CVE VULNERABILITY TITLE RISK
2023-07-27 CVE-2021-36580 Open Redirect vulnerability in Icewarp Mail Server
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
network
low complexity
icewarp CWE-601
6.1
6.1
2020-01-06 CVE-2019-19265 Cross-site Scripting vulnerability in Icewarp Mail Server
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
network
low complexity
icewarp CWE-79
6.1
6.1
2020-01-06 CVE-2019-19266 Cross-site Scripting vulnerability in Icewarp Mail Server
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
network
low complexity
icewarp CWE-79
5.4
5.4
2018-09-01 CVE-2018-16324 Cross-site Scripting vulnerability in Icewarp Mail Server
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
network
low complexity
icewarp CWE-79
6.1
6.1