Show filters
65 Total Results
Displaying 11-20 of 65
Sort by:
Attacker Value
Unknown

CVE-2022-35115

Disclosure Date: August 23, 2022 (last updated October 08, 2023)
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-25925

Disclosure Date: July 07, 2021 (last updated February 23, 2025)
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-27982

Disclosure Date: November 02, 2020 (last updated February 22, 2025)
IceWarp 11.4.5.0 allows XSS via the language parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-14064

Disclosure Date: July 15, 2020 (last updated February 21, 2025)
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-14066

Disclosure Date: July 15, 2020 (last updated February 21, 2025)
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-14065

Disclosure Date: July 15, 2020 (last updated February 21, 2025)
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-8512

Disclosure Date: February 01, 2020 (last updated February 21, 2025)
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-19266

Disclosure Date: January 06, 2020 (last updated February 21, 2025)
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2010-5336

Disclosure Date: October 11, 2019 (last updated November 27, 2024)
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2010-5340

Disclosure Date: October 11, 2019 (last updated November 27, 2024)
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >