CVE-2010-5338
IceWarp Webclient prior to 10.2.1 is vulnerable to XSS via an HTTP POST to webmail/basic/ using the parameter _dlg[captcha][action]. The root cause is lack of proper validation of client data in the WEB application, with non-persistent input in 10.1.3 and 10.2.0. Affected product: IceWarp Webclie...