Vulnerabilities > Icewarp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-11 | CVE-2010-5338 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | 4.3 |
| 2019-10-11 | CVE-2010-5337 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | 4.3 |
| 2019-10-11 | CVE-2010-5336 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | 4.3 |
| 2019-10-11 | CVE-2010-5335 | Path Traversal vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. | 7.8 |
| 2019-10-11 | CVE-2010-5334 | Path Traversal vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. | 7.8 |
| 2019-06-03 | CVE-2019-12593 | Path Traversal vulnerability in Icewarp Mail Server IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | 5.0 |
| 2018-09-01 | CVE-2018-16324 | Cross-site Scripting vulnerability in Icewarp Mail Server In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | 4.3 |
| 2018-06-30 | CVE-2018-7475 | Cross-site Scripting vulnerability in Icewarp Mail Server 12.0.3 Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | 4.3 |
| 2018-05-08 | CVE-2015-1503 | Path Traversal vulnerability in Icewarp Mail Server Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. | 7.8 |
| 2017-08-31 | CVE-2017-7855 | Cross-site Scripting vulnerability in Icewarp Server 11.3.1.5 In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | 4.3 |