EUVD-2023-45550

Malicious code in bioql PyPI...

CVE-2024-50599

A reflected Cross-Site Scripting XSS vulnerability has been identified in Zimbra Collaboration Suite ZCS 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the...

CVE-2023-41013

Cross Site Scripting XSS in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field...

CVE-2024-50599

A reflected Cross-Site Scripting XSS vulnerability has been identified in Zimbra Collaboration Suite ZCS 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the...

CVE-2024-50599

CVE-2024-50599 describes a reflected Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15 , affecting a webmail calendar endpoint. The issue arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in...

VulnCheck KEV: CVE-2019-12593

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal...

Cross site scripting

Cross Site Scripting XSS in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field...

CVE-2023-41013

Cross Site Scripting XSS in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field...

PT-2023-27745 · Icewarp · Icewarp

Name of the Vulnerable Software and Affected Versions: IceWarp version 10.3.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the p4 field in the Webmail Calendar, enabling Cross Site Scripting XSS attacks. Recommendations: For IceWarp version 10.3.1,...

IceWarp Cross-Site Scripting Vulnerability

IceWarp is an integrated enterprise communication and collaboration platform from IceWarp, a Czech company, designed to provide organizations with a variety of tools and features to support internal and external communication, collaboration and business processes. A security vulnerability exists ...

CVE-2023-41013

CVE-2023-41013 affects IceWarp Webmail Calendar (IceWarp 10.3.1). The issue is a Cross Site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the p4 field. The provided connected documents identify the affected product/version and the vulnerable...

Zimbra Collaboration Suite attachUrl Parameter Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from the lack of effective filtering...

IceWarp WebClient Cross-Site Scripting Vulnerability

Icewarp IceWarp WebClient is a web-based mail service client from IceWarp Icewarp. A cross-site scripting vulnerability exists in IceWarp WebClient, which stems from the P4 field of the product's Webmail Calender feature not validating user input data. The vulnerability can be exploited to execut...

CVE-2020-25925

Cross Site Scripting XSS in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field...

CVE-2020-25925

Cross Site Scripting XSS in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field...

CVE-2020-25925

CVE-2020-25925 describes a cross-site scripting (XSS) flaw in IceWarp WebClient’s Webmail Calendar (version 10.3.5). The vulnerability allows an attacker to inject arbitrary web script or HTML through the p4 field, enabling client-side code execution. The available connected documents confirm the...

IceWarp WebClient 跨站脚本漏洞

Icewarp IceWarp WebClient is a web-based mail service client from IceWarp Icewarp. A cross-site scripting vulnerability exists in IceWarp WebClient, which stems from the P4 field of the product's Webmail Calender feature not validating user input data. The vulnerability can be exploited to execut...

IceWarp 10.4.4 Local File Inclusion

Exploit Title: IceWarp =10.4.4 local file include Date: 02/06/2019 Exploit Author: JameelNabbo Website: uitsec.com Vendor Homepage: http://www.icewarp.com Software Link: https://www.icewarp.com/downloads/trial/ Version: 10.4.4 Tested on: Windows 10 CVE: CVE-2019-12593 POC:...

CVE-2019-12593

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal...