Mail Server Security Vulnerabilities and Issues — Mail Server CVE List

Lucene search

IcewarpMail Server

16 matches found

CVE•added 2020/01/06 1:15 a.m.•92 views

CVE-2019-19265

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.

6.1CVSS6AI score0.00279EPSS

CVE•added 2020/01/06 12:15 a.m.•81 views

CVE-2019-19266

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.

5.4CVSS5.2AI score0.003EPSS

CVE•added 2019/06/03 5:29 p.m.•80 views

CVE-2019-12593

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.

7.5CVSS7.3AI score0.75901EPSS

CVE•added 2023/08/25 12:15 a.m.•57 views

CVE-2023-39699

IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.

9.8CVSS9.2AI score0.00537EPSS

CVE•added 2018/05/08 8:29 p.m.•55 views

CVE-2015-1503

Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to...

7.8CVSS7.5AI score0.91758EPSS

CVE•added 2023/07/27 6:15 p.m.•52 views

CVE-2021-36580

Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.

6.1CVSS6.2AI score0.12428EPSS

CVE•added 2023/08/25 12:15 a.m.•47 views

CVE-2023-39700

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.

6.1CVSS6AI score0.14003EPSS

CVE•added 2011/09/30 5:55 p.m.•45 views

CVE-2011-3579

server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an en...

6.4CVSS7AI score0.16792EPSS

CVE•added 2020/11/09 7:12 p.m.•41 views

CVE-2020-27982

IceWarp 11.4.5.0 allows XSS via the language parameter.

6.1CVSS5.9AI score0.07869EPSS

CVE•added 2020/07/15 8:15 p.m.•40 views

CVE-2020-14064

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.

6.5CVSS6.5AI score0.00671EPSS

CVE•added 2017/08/23 2:29 p.m.•39 views

CVE-2017-12844

Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.

4.8CVSS4.6AI score0.00176EPSS

CVE•added 2020/07/15 8:15 p.m.•39 views

CVE-2020-14066

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.

8.8CVSS8.7AI score0.02942EPSS

CVE•added 2011/09/30 5:55 p.m.•38 views

CVE-2011-3580

IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.

5CVSS6.3AI score0.00387EPSS

CVE•added 2018/06/30 2:29 p.m.•35 views

CVE-2018-7475

Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6.1AI score0.00329EPSS

CVE•added 2018/09/01 6:29 p.m.•32 views

CVE-2018-16324

In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.

6.1CVSS6AI score0.00233EPSS

CVE•added 2020/07/15 8:15 p.m.•31 views

CVE-2020-14065

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.

6.5CVSS6.5AI score0.0232EPSS