Lucene search
K
IcewarpWebclient

10 matches found

CVE
CVE
added 2023/09/25 12:0 a.m.60 views

CVE-2023-43319

IceWarp WebClient 10.3.5 Sign-In page is vulnerable to Cross-Site Scripting (XSS) via the username parameter. Attackers can inject crafted payloads to execute arbitrary web scripts/HTML in the victim’s browser. Documents confirm the affected component and the vulnerability vector, but do not prov...

6.1CVSS6AI score0.00429EPSS
CVE
CVE
added 2019/10/11 10:36 a.m.51 views

CVE-2010-5334

IceWarp Webclient before 10.2.1 contains a directory traversal vulnerability. Input passed via the _c parameter to basic/index.html is not properly sanitised, allowing reading arbitrary files on the IceWarp Mailserver or host OS. Affected: IceWarp Webclient prior to 10.2.1; impact described as po...

7.8CVSS7.4AI score0.02551EPSS
Web
CVE
CVE
added 2023/09/05 12:0 a.m.49 views

CVE-2023-39598

IceWarp WebClient 10.2.1 is affected by CVE-2023-39598: a Cross Site Scripting vulnerability that enables an attacker to run arbitrary script in the victim’s browser by crafting a payload to the mid parameter. The Nuclei template notes potential impacts such as session hijacking, defacement, or s...

6.1CVSS6.4AI score0.0139EPSS
CVE
CVE
added 2019/10/11 10:35 a.m.47 views

CVE-2010-5336

The CVE-2010-5336 issue affects IceWarp Webclient prior to 10.2.1, where an XSS vulnerability is triggered by an HTTP POST to admin/login.html with the username parameter. The root cause is lack of input validation/escapes for client-side data within the Webclient Web application. Impact is clien...

6.1CVSS5.9AI score0.00836EPSS
Web
CVE
CVE
added 2019/10/11 10:35 a.m.44 views

CVE-2010-5338

IceWarp Webclient prior to 10.2.1 is vulnerable to XSS via an HTTP POST to webmail/basic/ using the parameter _dlg[captcha][action]. The root cause is lack of proper validation of client data in the WEB application, with non-persistent input in 10.1.3 and 10.2.0. Affected product: IceWarp Webclie...

6.1CVSS6AI score0.00836EPSS
Web
CVE
CVE
added 2019/10/11 10:35 a.m.44 views

CVE-2010-5340

CVE-2010-5340 concerns IceWarp Webclient prior to 10.2.1, where an XSS vulnerability exists in the webmail/ endpoint via an HTTP POST carrying a password parameter. The root cause is lack of proper validation/escaping of client-supplied data, enabling injection of script in the user’s browser. Pu...

6.1CVSS6AI score0.00836EPSS
Web
CVE
CVE
added 2019/10/11 10:36 a.m.42 views

CVE-2010-5335

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. The issue arises from inadequate sanitisation of input passed to a parameter in script to basic/minimizer/index.php, allowing an attacker to read arbitrary files on the IceWarp Mailserver or potentially the underlying OS. Mu...

7.8CVSS7.4AI score0.02803EPSS
CVE
CVE
added 2021/07/07 1:53 p.m.41 views

CVE-2020-25925

CVE-2020-25925 describes a cross-site scripting (XSS) flaw in IceWarp WebClient’s Webmail Calendar (version 10.3.5). The vulnerability allows an attacker to inject arbitrary web script or HTML through the p4 field, enabling client-side code execution. The available connected documents confirm the...

6.1CVSS6AI score0.01029EPSS
CVE
CVE
added 2019/10/11 10:35 a.m.39 views

CVE-2010-5339

CVE-2010-5339 affects IceWarp Webclient prior to 10.2.1. The issue is a Cross-Site Scripting vulnerability triggered by an HTTP POST to webmail/basic/ that uses the parameter _dlg[captcha][uid]. According to Red Hat and NVD entries, this XSS is non-persistent in versions 10.1.3 and 10.2.0, indica...

6.1CVSS6AI score0.00836EPSS
Web
CVE
CVE
added 2019/10/11 10:35 a.m.36 views

CVE-2010-5337

CVE-2010-5337 concerns IceWarp Webclient prior to version 10.2.1, which is vulnerable to a cross-site scripting (XSS) flaw. The issue is triggered by an HTTP POST to the webmail/basic/ path using the parameter _dlg[captcha][controller], as documented in multiple sources. The vulnerability is desc...

6.1CVSS6AI score0.00836EPSS
Web