Vulnerabilities > Icewarp > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-06 | CVE-2019-19266 | Cross-site Scripting vulnerability in Icewarp Mail Server IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | 3.5 |
| 2017-08-23 | CVE-2017-12844 | Cross-site Scripting vulnerability in Icewarp Mail Server 10.4.4 Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. | 3.5 |
| 2005-05-11 | CVE-2005-1488 | Cross-Site Scripting vulnerability in Mail Server Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html. | 1.9 |
| 2005-05-11 | CVE-2005-1490 | Local Security vulnerability in Mail Server Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html. | 2.1 |
| 2005-05-02 | CVE-2005-0321 | Information Disclosure vulnerability in Mail Server MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path. | 2.1 |