Vulnerabilities > Icewarp > Webclient > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-25 CVE-2023-43319 Cross-site Scripting vulnerability in Icewarp Webclient 10.3.5
Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
network
low complexity
icewarp CWE-79
6.1
6.1
2023-09-05 CVE-2023-39598 Cross-site Scripting vulnerability in Icewarp Webclient 10.2.1
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
network
low complexity
icewarp CWE-79
6.1
6.1
2021-07-07 CVE-2020-25925 Cross-site Scripting vulnerability in Icewarp Webclient 10.3.5
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
network
icewarp CWE-79
4.3
4.3
2019-10-11 CVE-2010-5340 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
network
icewarp CWE-79
4.3
4.3
2019-10-11 CVE-2010-5339 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
network
icewarp CWE-79
4.3
4.3
2019-10-11 CVE-2010-5338 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
network
icewarp CWE-79
4.3
4.3
2019-10-11 CVE-2010-5337 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
network
icewarp CWE-79
4.3
4.3
2019-10-11 CVE-2010-5336 Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
network
icewarp CWE-79
4.3
4.3