Lucene search
K

97 matches found

NVD
NVD
added 2020/02/06 2:15 p.m.16 views

CVE-2012-2593

Cross-site scripting XSS vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email...

6.1CVSS6.1AI score0.06229EPSS
Exploits2References2
Prion
Prion
added 2020/02/06 2:15 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email...

4.3CVSS6.1AI score0.06229EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2020/02/06 1:47 p.m.43 views

CVE-2012-2593

The connected documentation confirms a concrete issue: Atmail Webmail Server 6.4 has an XSS vulnerability in its administrative interface that can be triggered via the Date field of an email, enabling attackers to inject arbitrary script/HTML. Exploitation is evidenced by linked exploit-publicati...

6.1CVSS6AI score0.06229EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/02/06 1:47 p.m.23 views

CVE-2012-2593

Cross-site scripting XSS vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email...

6.1AI score0.06229EPSS
Exploits2References2
CNVD
CNVD
added 2020/02/04 12:0 a.m.2 views

IceWarp Webmail Server color Cross-Site Scripting Vulnerability

IceWarp Webmail Server is a WEB mail server. IceWarp Webmail Server color handling suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to sensitive information or hijack...

6.1CVSS6.4AI score0.14834EPSS
Exploits5References1
OSV
OSV
added 2020/02/01 12:15 a.m.3 views

CVE-2020-8512

In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter...

6.1CVSS6.3AI score0.14834EPSS
Exploits5References3
NVD
NVD
added 2020/02/01 12:15 a.m.27 views

CVE-2020-8512

In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter...

6.1CVSS6AI score0.14834EPSS
Exploits5References3
Cvelist
Cvelist
added 2020/01/31 11:5 p.m.24 views

CVE-2020-8512

In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter...

6AI score0.14834EPSS
Exploits5References3
CVE
CVE
added 2020/01/31 11:5 p.m.231 views

CVE-2020-8512

IceWarp WebMail Server =11.4.4.2 or apply the vendor patch. Public exploits/poC references (e.g., Exploit-DB entry 47988) indicate real-world testing of the vulnerability. No details on successful exploitation in the provided docs beyond the XSS description. Recommend applying the vendor patch or...

6.1CVSS5.9AI score0.14834EPSS
Exploits5References3Affected Software1
CNVD
CNVD
added 2020/01/07 12:0 a.m.3 views

IceWarp WebMail Server Cross-Site Scripting Vulnerability (CNVD-2020-02978)

IceWarp WebMail Server is a Web-based mail server product from the U.S. company IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration and more. A cross-site scripting vulnerability exists in object annotations in IceWarp WebMail Server version 12.2.0 and...

5.4CVSS6.3AI score0.00602EPSS
Exploits2References1
OSV
OSV
added 2020/01/06 12:15 a.m.4 views

CVE-2019-19266

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 2 of 2 in notes for objects...

5.4CVSS6.1AI score0.00602EPSS
Exploits2References2
Prion
Prion
added 2020/01/06 12:15 a.m.16 views

Cross site scripting

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 2 of 2 in notes for objects...

3.5CVSS5.2AI score0.00602EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/01/06 12:9 a.m.20 views

CVE-2019-19265

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 1 of 2 in notes for contacts...

6.1AI score0.00866EPSS
Exploits2References2
CVE
CVE
added 2020/01/06 12:9 a.m.105 views

CVE-2019-19265

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 are affected by a cross-site scripting vulnerability in notes for contacts. The root cause is lack of proper validation of client data by the WEB application, enabling attacker-supplied content (e.g., manipulated vCard) to execute JavaScrip...

6.1CVSS6AI score0.00866EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2020/01/06 12:0 a.m.97 views

CVE-2019-19266

IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 are affected by a Cross‑Site Scripting (XSS) vulnerability in object notes. The root cause is lack of proper validation of client‑side data by the WEB application, allowing injected JavaScript to execute when notes are displayed to users....

5.4CVSS5.2AI score0.00602EPSS
Exploits2References2Affected Software1
Packet Storm
Packet Storm
added 2020/01/03 12:0 a.m.189 views

IceWarp 12.2.0 / 12.1.x Cross Site Scripting

Advisory: IceWarp: Cross-Site Scripting in Notes During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to cross-site scripting attacks in notes for objects. If attackers with access to the IceWarp system provide a manipulated object that is displayed by...

5.6AI score0.00602EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/01/02 12:0 a.m.209 views

IceWarp 12.2.0 / 12.1.x Cross Site Scripting

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted cross-site scripting attacks in its contact module. If IceWarp users import a manipulated vcard, for example from an...

6.4AI score0.00866EPSS
Exploits2
Prion
Prion
added 2019/10/24 6:15 p.m.15 views

Cross site request forgery (csrf)

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

6.8CVSS8.2AI score0.01115EPSS
Exploits6References8Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

IA WebMail Server 3.0/3.1 Long GET Request Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8965/info IA WebMail Server is said to be prone to a remote buffer overrun that could allow an attacker to execute arbitrary code. The problem occurs due to insufficient bounds checking when handling GET requests. As a...

7.1AI score
Exploits0
Prion
Prion
added 2014/02/12 6:55 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...

4.3CVSS6AI score0.01892EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder