Filtered by vendor Icewarp
Subscribe
Total
56 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-37728 | 1 Icewarp | 1 Icewarp | 2024-02-05 | N/A | 6.1 MEDIUM |
IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. | |||||
CVE-2022-35115 | 1 Icewarp | 1 Webclient Dc2 | 2024-02-04 | N/A | 9.8 CRITICAL |
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. | |||||
CVE-2020-25925 | 1 Icewarp | 1 Webclient | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | |||||
CVE-2020-27982 | 1 Icewarp | 1 Mail Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp 11.4.5.0 allows XSS via the language parameter. | |||||
CVE-2020-14065 | 1 Icewarp | 1 Mail Server | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | |||||
CVE-2020-14066 | 1 Icewarp | 1 Mail Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | |||||
CVE-2020-14064 | 1 Icewarp | 1 Mail Server | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | |||||
CVE-2010-5334 | 1 Icewarp | 1 Webclient | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | |||||
CVE-2010-5335 | 1 Icewarp | 1 Webclient | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | |||||
CVE-2020-8512 | 1 Icewarp | 1 Icewarp Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | |||||
CVE-2010-5337 | 1 Icewarp | 1 Webclient | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | |||||
CVE-2010-5339 | 1 Icewarp | 1 Webclient | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | |||||
CVE-2010-5340 | 1 Icewarp | 1 Webclient | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. | |||||
CVE-2019-19265 | 1 Icewarp | 1 Mail Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | |||||
CVE-2010-5336 | 1 Icewarp | 1 Webclient | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | |||||
CVE-2010-5338 | 1 Icewarp | 1 Webclient | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | |||||
CVE-2019-19266 | 1 Icewarp | 1 Mail Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | |||||
CVE-2019-12593 | 1 Icewarp | 1 Mail Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | |||||
CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | |||||
CVE-2018-7475 | 1 Icewarp | 1 Mail Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. |