Icewarp: >> Mail Server >> 12.0.3 Security Vulnerabilities
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
CVSS Score
6.1
EPSS Score
0.125
Published
2023-07-27
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-06
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-01-06
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-01
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-06-30