Vulnerabilities > Icewarp

DATE CVE VULNERABILITY TITLE RISK
2022-08-23 CVE-2022-35115 SQL Injection vulnerability in Icewarp Webclient DC2 13.0.2.9
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
network
low complexity
icewarp CWE-89
critical
9.8
2021-07-07 CVE-2020-25925 Cross-site Scripting vulnerability in Icewarp Webclient 10.3.5
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
network
low complexity
icewarp CWE-79
6.1
2020-11-02 CVE-2020-27982 Cross-site Scripting vulnerability in Icewarp Mail Server 11.4.5
IceWarp 11.4.5.0 allows XSS via the language parameter.
network
low complexity
icewarp CWE-79
6.1
2020-07-15 CVE-2020-14066 Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
network
low complexity
icewarp CWE-434
8.8
2020-07-15 CVE-2020-14065 Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
network
low complexity
icewarp CWE-434
6.5
2020-07-15 CVE-2020-14064 Exposure of Resource to Wrong Sphere vulnerability in Icewarp Mail Server 12.3.0.1
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
network
low complexity
icewarp CWE-668
6.5
2020-02-01 CVE-2020-8512 Cross-site Scripting vulnerability in Icewarp Server
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
network
low complexity
icewarp CWE-79
6.1
2020-01-06 CVE-2019-19265 Cross-site Scripting vulnerability in Icewarp Mail Server
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
network
low complexity
icewarp CWE-79
6.1
2020-01-06 CVE-2019-19266 Cross-site Scripting vulnerability in Icewarp Mail Server
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
network
low complexity
icewarp CWE-79
5.4
2019-10-11 CVE-2010-5340 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
network
low complexity
icewarp CWE-79
6.1