IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting

IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter. id: CVE-2020-8512 info: name: IceWarp WebMail Server =11.4.4.2 or apply the vendor-provided patch to mitigate the vulnerability. reference: -...

IceWarp WebMail 11.4.5.0 - Cross-Site Scripting

IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter. id: CVE-2020-27982 info: name: IceWarp WebMail 11.4.5.0 - Cross-Site Scripting author: madrobot severity: medium description: IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language...

IceWarp Mail Server ≤11.4.0 - Open Redirect

IceWarp Mail Server version 11.4.0 and below contains an open redirect vulnerability that allows attackers to redirect users to arbitrary external domains through malicious URLs. id: CVE-2025-40630 info: name: IceWarp Mail Server ≤11.4.0 - Open Redirect author: DhiyaneshDK severity: medium...

IceWarp Mail Server v10.4.5 - Cross-Site Scripting

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-39700 info: name: IceWarp Mail Server v10.4.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp Mail Server v10.4.5 was...

IceWarp Webmail Server v10.2.1 - Cross Site Scripting

Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-37728 info: name: IceWarp Webmail Server v10.2.1 - Cross Site Scripting author: technicaljunkie,r3Y3r53 severity: medium description: | Icewarp Icearp v10.2.1 was...

IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. id: CVE-2023-40779 info: name: IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect author: r3Y3r53 severity: medium description: | An issue in...

IceWarp Mail Server <=10.4.4 - Local File Inclusion

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. id: CVE-2019-12593 info: name: IceWarp Mail Server =10.4.4 - Local File Inclusion author: pikpikcu severity: high description: | IceWarp Ma...

IceWarp Mail Server <11.1.1 - Directory Traversal

IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. id: CVE-2015-1503 info: name: IceWarp Mail Server 11.1.1 - Directory Traversal author: 0xAkoko severity: high description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal...

IceWarp Server 10.2.1 - Cross-Site Scripting

IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting XSS via the meta parameter. id: CVE-2024-55218 info: name: IceWarp Server 10.2.1 - Cross-Site Scripting author: s4e-io severity: medium description: | IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting XSS via the meta parameter...

IceWarp 11.4.6.0 - Cross-Site Scripting

IceWarp 11.4.6.0 was discovered to contain a cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-39600 info: name: IceWarp 11.4.6.0 - Cross-Site Scripting author: Imjust0 severity: medium description: | IceWarp 11.4.6.0 was discovered to contain a cross-site scripting XSS...

IceWarp WebMail 11.3.1.5 - Cross-Site Scripting

IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language parameter. id: CVE-2017-7855 info: name: IceWarp WebMail 11.3.1.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language...

IceWarp Email Client - Cross Site Scripting

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. id: CVE-2023-39598 info: name: IceWarp Email Client - Cross Site Scripting author: Imjust0 severity: medium description: |...

IceWarp Mail Server - Open Redirect

IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects. id: CVE-2021-36580 info: name: IceWarp Mail Server - Open Redirect author: DhiyaneshDk severity: medium description: | IceWarp Mail Server contains an open...

EUVD-2018-21785

ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when t...

CVE-2018-25269

ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the...

CVE-2018-25269 ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection

ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the...

CVE-2026-2493

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling...

CVE-2026-2493

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling...

IceWarp 路径遍历漏洞

IceWarp is an integrated enterprise communication and collaboration platform developed by the Czech company IceWarp. It aims to provide organizations with various tools and features to support internal and external communication, collaboration, and business processes. IceWarp has a path traversal...

CVE-2026-2493 IceWarp collaboration Directory Traversal Information Disclosure Vulnerability

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling...