Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Webclient Security Vulnerabilities

cve
cve

CVE-2010-5334

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the ...

7.5CVSS

7.4AI Score

0.002EPSS

2019-10-11 11:15 AM
29
cve
cve

CVE-2010-5335

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited t...

7.5CVSS

7.4AI Score

0.002EPSS

2019-10-11 11:15 AM
21
cve
cve

CVE-2010-5336

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.

6.1CVSS

5.9AI Score

0.001EPSS

2019-10-11 11:15 AM
22
cve
cve

CVE-2010-5337

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.

6.1CVSS

6AI Score

0.001EPSS

2019-10-11 11:15 AM
18
cve
cve

CVE-2010-5338

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.

6.1CVSS

6AI Score

0.001EPSS

2019-10-11 11:15 AM
21
cve
cve

CVE-2010-5339

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.

6.1CVSS

6AI Score

0.001EPSS

2019-10-11 11:15 AM
16
cve
cve

CVE-2010-5340

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.

6.1CVSS

6AI Score

0.001EPSS

2019-10-11 11:15 AM
22
cve
cve

CVE-2020-25925

Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.

6.1CVSS

6AI Score

0.001EPSS

2021-07-07 02:15 PM
23
4
cve
cve

CVE-2023-39598

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.

6.1CVSS

6.4AI Score

0.11EPSS

2023-09-05 06:15 PM
13
cve
cve

CVE-2023-43319

Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.

6.1CVSS

6AI Score

0.001EPSS

2023-09-25 07:15 PM
28