9 matches found
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
CVE-2021-36580
An Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
CVE-2023-39700
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2011-3579
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an en...
CVE-2020-27982
IceWarp 11.4.5.0 allows XSS via the language parameter.
CVE-2020-14064
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
CVE-2018-7475
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
CVE-2018-16324
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
CVE-2020-14065
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.