97 matches found
CVE-2012-2593
Cross-site scripting XSS vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email...
Cross site scripting
Cross-site scripting XSS vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email...
CVE-2012-2593
The connected documentation confirms a concrete issue: Atmail Webmail Server 6.4 has an XSS vulnerability in its administrative interface that can be triggered via the Date field of an email, enabling attackers to inject arbitrary script/HTML. Exploitation is evidenced by linked exploit-publicati...
CVE-2012-2593
Cross-site scripting XSS vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email...
IceWarp Webmail Server color Cross-Site Scripting Vulnerability
IceWarp Webmail Server is a WEB mail server. IceWarp Webmail Server color handling suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to sensitive information or hijack...
CVE-2020-8512
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter...
CVE-2020-8512
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter...
CVE-2020-8512
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter...
CVE-2020-8512
IceWarp WebMail Server =11.4.4.2 or apply the vendor patch. Public exploits/poC references (e.g., Exploit-DB entry 47988) indicate real-world testing of the vulnerability. No details on successful exploitation in the provided docs beyond the XSS description. Recommend applying the vendor patch or...
IceWarp WebMail Server Cross-Site Scripting Vulnerability (CNVD-2020-02978)
IceWarp WebMail Server is a Web-based mail server product from the U.S. company IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration and more. A cross-site scripting vulnerability exists in object annotations in IceWarp WebMail Server version 12.2.0 and...
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 2 of 2 in notes for objects...
Cross site scripting
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 2 of 2 in notes for objects...
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 and probably earlier versions allows XSS issue 1 of 2 in notes for contacts...
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 are affected by a cross-site scripting vulnerability in notes for contacts. The root cause is lack of proper validation of client data by the WEB application, enabling attacker-supplied content (e.g., manipulated vCard) to execute JavaScrip...
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 are affected by a Cross‑Site Scripting (XSS) vulnerability in object notes. The root cause is lack of proper validation of client‑side data by the WEB application, allowing injected JavaScript to execute when notes are displayed to users....
IceWarp 12.2.0 / 12.1.x Cross Site Scripting
Advisory: IceWarp: Cross-Site Scripting in Notes During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to cross-site scripting attacks in notes for objects. If attackers with access to the IceWarp system provide a manipulated object that is displayed by...
IceWarp 12.2.0 / 12.1.x Cross Site Scripting
Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted cross-site scripting attacks in its contact module. If IceWarp users import a manipulated vcard, for example from an...
Cross site request forgery (csrf)
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...
IA WebMail Server 3.0/3.1 Long GET Request Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8965/info IA WebMail Server is said to be prone to a remote buffer overrun that could allow an attacker to execute arbitrary code. The problem occurs due to insufficient bounds checking when handling GET requests. As a...
Cross site scripting
Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...