Filtered by vendor Icewarp
Subscribe
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43319 | 1 Icewarp | 1 Webclient | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | |||||
| CVE-2023-41013 | 1 Icewarp | 1 Icewarp | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | |||||
| CVE-2023-40779 | 1 Icewarp | 1 Deep Castle G2 | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. | |||||
| CVE-2023-39700 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. | |||||
| CVE-2023-39699 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. | |||||
| CVE-2023-39600 | 1 Icewarp | 1 Icewarp | 2024-11-21 | N/A | 6.1 MEDIUM |
| IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. | |||||
| CVE-2023-39598 | 1 Icewarp | 1 Webclient | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. | |||||
| CVE-2023-37728 | 1 Icewarp | 1 Icewarp | 2024-11-21 | N/A | 6.1 MEDIUM |
| IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. | |||||
| CVE-2022-35115 | 1 Icewarp | 1 Webclient Dc2 | 2024-11-21 | N/A | 9.8 CRITICAL |
| IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. | |||||
| CVE-2020-8512 | 1 Icewarp | 1 Icewarp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | |||||
| CVE-2020-27982 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp 11.4.5.0 allows XSS via the language parameter. | |||||
| CVE-2020-25925 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | |||||
| CVE-2020-14066 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | |||||
| CVE-2020-14065 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | |||||
| CVE-2020-14064 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | |||||
| CVE-2019-19266 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | |||||
| CVE-2019-19265 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | |||||
| CVE-2019-12593 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | |||||
| CVE-2018-7475 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | |||||