IceWarp: Security Vulnerabilities
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
CVSS Score: 6.1, EPSS Score: 0.368, Published: 2020-02-01
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
CVSS Score: 6.1, EPSS Score: 0.003, Published: 2020-01-06
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
CVSS Score: 5.4, EPSS Score: 0.003, Published: 2020-01-06
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
CVSS Score: 7.5, EPSS Score: 0.019, Published: 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2019-10-11
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
CVSS Score: 7.5, EPSS Score: 0.011, Published: 2019-10-11