Vulnerabilities > Icewarp > Mail Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-25 | CVE-2023-39700 | Cross-site Scripting vulnerability in Icewarp Mail Server 10.4.5 IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. | 6.1 |
| 2023-07-27 | CVE-2021-36580 | Open Redirect vulnerability in Icewarp Mail Server Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | 6.1 |
| 2020-11-02 | CVE-2020-27982 | Cross-site Scripting vulnerability in Icewarp Mail Server 11.4.5 IceWarp 11.4.5.0 allows XSS via the language parameter. | 4.3 |
| 2020-07-15 | CVE-2020-14066 | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | 6.5 |
| 2020-07-15 | CVE-2020-14065 | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | 4.0 |
| 2020-07-15 | CVE-2020-14064 | Exposure of Resource to Wrong Sphere vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | 4.0 |
| 2020-01-06 | CVE-2019-19265 | Cross-site Scripting vulnerability in Icewarp Mail Server IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | 4.3 |
| 2019-06-03 | CVE-2019-12593 | Path Traversal vulnerability in Icewarp Mail Server IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | 5.0 |
| 2018-09-01 | CVE-2018-16324 | Cross-site Scripting vulnerability in Icewarp Mail Server In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | 4.3 |
| 2018-06-30 | CVE-2018-7475 | Cross-site Scripting vulnerability in Icewarp Mail Server 12.0.3 Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | 4.3 |