10 matches found
CVE-2023-43319
IceWarp WebClient 10.3.5 Sign-In page is vulnerable to Cross-Site Scripting (XSS) via the username parameter. Attackers can inject crafted payloads to execute arbitrary web scripts/HTML in the victim’s browser. Documents confirm the affected component and the vulnerability vector, but do not prov...
CVE-2010-5334
IceWarp Webclient before 10.2.1 contains a directory traversal vulnerability. Input passed via the _c parameter to basic/index.html is not properly sanitised, allowing reading arbitrary files on the IceWarp Mailserver or host OS. Affected: IceWarp Webclient prior to 10.2.1; impact described as po...
CVE-2023-39598
IceWarp WebClient 10.2.1 is affected by CVE-2023-39598: a Cross Site Scripting vulnerability that enables an attacker to run arbitrary script in the victim’s browser by crafting a payload to the mid parameter. The Nuclei template notes potential impacts such as session hijacking, defacement, or s...
CVE-2010-5336
The CVE-2010-5336 issue affects IceWarp Webclient prior to 10.2.1, where an XSS vulnerability is triggered by an HTTP POST to admin/login.html with the username parameter. The root cause is lack of input validation/escapes for client-side data within the Webclient Web application. Impact is clien...
CVE-2010-5338
IceWarp Webclient prior to 10.2.1 is vulnerable to XSS via an HTTP POST to webmail/basic/ using the parameter _dlg[captcha][action]. The root cause is lack of proper validation of client data in the WEB application, with non-persistent input in 10.1.3 and 10.2.0. Affected product: IceWarp Webclie...
CVE-2010-5340
CVE-2010-5340 concerns IceWarp Webclient prior to 10.2.1, where an XSS vulnerability exists in the webmail/ endpoint via an HTTP POST carrying a password parameter. The root cause is lack of proper validation/escaping of client-supplied data, enabling injection of script in the user’s browser. Pu...
CVE-2010-5335
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. The issue arises from inadequate sanitisation of input passed to a parameter in script to basic/minimizer/index.php, allowing an attacker to read arbitrary files on the IceWarp Mailserver or potentially the underlying OS. Mu...
CVE-2020-25925
CVE-2020-25925 describes a cross-site scripting (XSS) flaw in IceWarp WebClient’s Webmail Calendar (version 10.3.5). The vulnerability allows an attacker to inject arbitrary web script or HTML through the p4 field, enabling client-side code execution. The available connected documents confirm the...
CVE-2010-5339
CVE-2010-5339 affects IceWarp Webclient prior to 10.2.1. The issue is a Cross-Site Scripting vulnerability triggered by an HTTP POST to webmail/basic/ that uses the parameter _dlg[captcha][uid]. According to Red Hat and NVD entries, this XSS is non-persistent in versions 10.1.3 and 10.2.0, indica...
CVE-2010-5337
CVE-2010-5337 concerns IceWarp Webclient prior to version 10.2.1, which is vulnerable to a cross-site scripting (XSS) flaw. The issue is triggered by an HTTP POST to the webmail/basic/ path using the parameter _dlg[captcha][controller], as documented in multiple sources. The vulnerability is desc...