5 matches found
CVE-2025-40632
Cross-site scripting XSS in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered...
CVE-2025-40632
Cross-site scripting XSS in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered...
CVE-2025-40632 Cross-site scripting (XSS) vulnerability in IceWarp Mail Server
Cross-site scripting XSS in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered...
CVE-2025-40632 Cross-site scripting (XSS) vulnerability in IceWarp Mail Server
Cross-site scripting XSS in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered...
CVE-2025-40632
IceWarp Mail Server (v11.4.0) contains a Cross-Site Scripting (XSS) vulnerability where an attacker can modify the lastLogin cookie to inject JavaScript that executes when the page renders. Affected component is the web-facing handling of user data; the root cause is lack of proper filtering/esca...