Icewarp » Mail Server : Security Vulnerabilities, CVEs,
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
Max CVSS
6.1
EPSS Score
0.10%
Published
2023-08-25
Updated
2023-08-30
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.
Max CVSS
9.8
EPSS Score
0.06%
Published
2023-08-25
Updated
2023-08-30
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
Max CVSS
6.1
EPSS Score
0.23%
Published
2023-07-27
Updated
2023-08-03
IceWarp 11.4.5.0 allows XSS via the language parameter.
Max CVSS
6.1
EPSS Score
0.25%
Published
2020-11-02
Updated
2022-06-29
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
Max CVSS
8.8
EPSS Score
0.36%
Published
2020-07-15
Updated
2020-07-22
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
Max CVSS
6.5
EPSS Score
0.14%
Published
2020-07-15
Updated
2020-07-22
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
Max CVSS
6.5
EPSS Score
0.05%
Published
2020-07-15
Updated
2020-07-22
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
Max CVSS
5.4
EPSS Score
0.07%
Published
2020-01-06
Updated
2020-01-08
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
Max CVSS
6.1
EPSS Score
0.14%
Published
2020-01-06
Updated
2020-01-08
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
Max CVSS
7.5
EPSS Score
11.51%
Published
2019-06-03
Updated
2019-06-04
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
Max CVSS
6.1
EPSS Score
0.42%
Published
2018-09-01
Updated
2018-11-06
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
Max CVSS
6.1
EPSS Score
0.21%
Published
2018-06-30
Updated
2020-02-06
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.
Max CVSS
4.8
EPSS Score
0.07%
Published
2017-08-23
Updated
2017-08-29
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
Max CVSS
7.8
EPSS Score
90.42%
Published
2018-05-08
Updated
2018-06-12
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
Max CVSS
5.0
EPSS Score
3.90%
Published
2011-09-30
Updated
2017-08-29
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
Max CVSS
6.4
EPSS Score
2.50%
Published
2011-09-30
Updated
2017-08-29
16 vulnerabilities found