Vulnerabilities > Icewarp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-27982 | Cross-site Scripting vulnerability in Icewarp Mail Server 11.4.5 IceWarp 11.4.5.0 allows XSS via the language parameter. | 4.3 |
| 2020-07-15 | CVE-2020-14066 | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | 6.5 |
| 2020-07-15 | CVE-2020-14065 | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | 4.0 |
| 2020-07-15 | CVE-2020-14064 | Exposure of Resource to Wrong Sphere vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | 4.0 |
| 2020-02-01 | CVE-2020-8512 | Cross-site Scripting vulnerability in Icewarp Server 11.4.4.1 In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | 4.3 |
| 2020-01-06 | CVE-2019-19265 | Cross-site Scripting vulnerability in Icewarp Mail Server IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | 4.3 |
| 2019-10-11 | CVE-2010-5340 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. | 4.3 |
| 2019-10-11 | CVE-2010-5339 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | 4.3 |
| 2019-10-11 | CVE-2010-5338 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | 4.3 |
| 2019-10-11 | CVE-2010-5337 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | 4.3 |