6 matches found
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 2 of 2 in notes for objects...
CVE-2020-19266
creationtimestamp| type| source ---|---|--- 2021-09-09 22:30:22+00:00| seen| https://t.me/cibsecurity/28629...
CVE-2020-19266
A stored XSS vulnerability exists in Dswjcms 1.6.4, specifically in index.php/Dswjcms/Site/articleList, allowing attackers to execute arbitrary web scripts/HTML. The root cause is lack of input validation/escaping for the affected parameter. No explicit exploitation details or remediation are pro...
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 are affected by a Cross‑Site Scripting (XSS) vulnerability in object notes. The root cause is lack of proper validation of client‑side data by the WEB application, allowing injected JavaScript to execute when notes are displayed to users....
IceWarp 12.2.0 / 12.1.x Cross Site Scripting
Advisory: IceWarp: Cross-Site Scripting in Notes During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to cross-site scripting attacks in notes for objects. If attackers with access to the IceWarp system provide a manipulated object that is displayed by...
CVE-2018-19266
CVE-2018-19266 is rejected/not used; this CVE ID does not represent an active vulnerability entry.