Shodan
Vulnerabilities
Vulnerable Software
Icewarp:  >> Webclient  Security Vulnerabilities
CVE-2023-43319
Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-09-25
CVE-2023-39598
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
CVSS Score
6.1
EPSS Score
0.435
Published
2023-09-05
CVE-2020-25925
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-07
CVE-2010-5335
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
CVSS Score
7.5
EPSS Score
0.019
Published
2019-10-11
CVE-2010-5336
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-11
CVE-2010-5337
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-11
CVE-2010-5338
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-11
CVE-2010-5339
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-11
CVE-2010-5340
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-11
CVE-2010-5334
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
CVSS Score
7.5
EPSS Score
0.011
Published
2019-10-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved