3 matches found
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 1 of 2 in notes for contacts...
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 are affected by a cross-site scripting vulnerability in notes for contacts. The root cause is lack of proper validation of client data by the WEB application, enabling attacker-supplied content (e.g., manipulated vCard) to execute JavaScrip...
IceWarp 12.2.0 / 12.1.x Cross Site Scripting
Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted cross-site scripting attacks in its contact module. If IceWarp users import a manipulated vcard, for example from an...