Vulnerabilities > Icewarp > Mail Server > 11.4.5

DATE CVE VULNERABILITY TITLE RISK
2023-07-27 CVE-2021-36580 Open Redirect vulnerability in Icewarp Mail Server
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
network
low complexity
icewarp CWE-601
6.1
6.1
2020-11-02 CVE-2020-27982 Cross-site Scripting vulnerability in Icewarp Mail Server 11.4.5
IceWarp 11.4.5.0 allows XSS via the language parameter.
network
icewarp CWE-79
4.3
4.3
2020-01-06 CVE-2019-19265 Cross-site Scripting vulnerability in Icewarp Mail Server
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
network
icewarp CWE-79
4.3
4.3
2020-01-06 CVE-2019-19266 Cross-site Scripting vulnerability in Icewarp Mail Server
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
network
icewarp CWE-79
3.5
3.5
2018-09-01 CVE-2018-16324 Cross-site Scripting vulnerability in Icewarp Mail Server
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
network
icewarp CWE-79
4.3
4.3