Vulnerabilities > Icewarp

DATE CVE VULNERABILITY TITLE RISK
2019-10-11 CVE-2010-5339 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
network
low complexity
icewarp CWE-79
6.1
6.1
2019-10-11 CVE-2010-5338 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
network
low complexity
icewarp CWE-79
6.1
6.1
2019-10-11 CVE-2010-5337 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
network
low complexity
icewarp CWE-79
6.1
6.1
2019-10-11 CVE-2010-5336 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
network
low complexity
icewarp CWE-79
6.1
6.1
2019-10-11 CVE-2010-5335 Path Traversal vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability.
network
low complexity
icewarp CWE-22
7.5
7.5
2019-10-11 CVE-2010-5334 Path Traversal vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability.
network
low complexity
icewarp CWE-22
7.5
7.5
2019-06-03 CVE-2019-12593 Path Traversal vulnerability in Icewarp Mail Server
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
network
low complexity
icewarp CWE-22
7.5
7.5
2018-09-01 CVE-2018-16324 Cross-site Scripting vulnerability in Icewarp Mail Server
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
network
low complexity
icewarp CWE-79
6.1
6.1
2018-06-30 CVE-2018-7475 Cross-site Scripting vulnerability in Icewarp Mail Server 12.0.3
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
network
low complexity
icewarp CWE-79
6.1
6.1
2018-05-08 CVE-2015-1503 Path Traversal vulnerability in Icewarp Mail Server
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) ..
network
low complexity
icewarp CWE-22
7.5
7.5