Webclient Security Vulnerabilities and Issues — Webclient CVE List

Lucene search

IcewarpWebclient

10 matches found

CVE•added 2023/09/25 7:15 p.m.•40 views

CVE-2023-43319

Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.

6.1CVSS6AI score0.00256EPSS

CVE•added 2019/10/11 11:15 a.m.•39 views

CVE-2010-5334

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the ...

7.8CVSS7.4AI score0.01056EPSS

CVE•added 2019/10/11 11:15 a.m.•36 views

CVE-2010-5336

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.

6.1CVSS5.9AI score0.0021EPSS

CVE•added 2019/10/11 11:15 a.m.•33 views

CVE-2010-5335

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited t...

7.8CVSS7.4AI score0.01884EPSS

CVE•added 2019/10/11 11:15 a.m.•33 views

CVE-2010-5338

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.

6.1CVSS6AI score0.0021EPSS

CVE•added 2019/10/11 11:15 a.m.•31 views

CVE-2010-5340

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.

6.1CVSS6AI score0.0021EPSS

CVE•added 2021/07/07 2:15 p.m.•30 views

CVE-2020-25925

Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.

6.1CVSS6AI score0.00195EPSS

CVE•added 2023/09/05 6:15 p.m.•28 views

CVE-2023-39598

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.

6.1CVSS6.4AI score0.43484EPSS

CVE•added 2019/10/11 11:15 a.m.•25 views

CVE-2010-5337

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.

6.1CVSS6AI score0.0021EPSS

CVE•added 2019/10/11 11:15 a.m.•24 views

CVE-2010-5339

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.

6.1CVSS6AI score0.0021EPSS