Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-11	CVE-2010-5336	Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. network low complexity icewarp CWE-79	6.1
2018-09-01	CVE-2018-16324	Cross-site Scripting vulnerability in Icewarp Mail Server In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. network low complexity icewarp CWE-79	6.1
2018-06-30	CVE-2018-7475	Cross-site Scripting vulnerability in Icewarp Mail Server 12.0.3 Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. network low complexity icewarp CWE-79	6.1
2017-08-31	CVE-2017-7855	Cross-site Scripting vulnerability in Icewarp Server 11.3.1.5 In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. network low complexity icewarp CWE-79	6.1
2017-08-23	CVE-2017-12844	Cross-site Scripting vulnerability in Icewarp Mail Server 10.4.4 Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. network low complexity icewarp CWE-79	4.8