Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icewarp webclient vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43319
Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
Icewarp Webclient 10.3.5
NA
CVE-2023-39598
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote malicious user to execute arbitrary code via a crafted payload to the mid parameter.
Icewarp Webclient 10.2.1
NA
CVE-2022-35115
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) exists to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
Icewarp Webclient Dc2 13.0.2.9
4.3
CVSSv2
CVE-2020-25925
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote malicious users to inject arbitrary web script or HTML via the "p4" field.
Icewarp Webclient 10.3.5
7.8
CVSSv2
CVE-2010-5334
IceWarp Webclient prior to 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exp...
Icewarp Webclient
4.3
CVSSv2
CVE-2010-5336
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
Icewarp Webclient
4.3
CVSSv2
CVE-2010-5337
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
Icewarp Webclient
4.3
CVSSv2
CVE-2010-5338
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
Icewarp Webclient
4.3
CVSSv2
CVE-2010-5339
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
Icewarp Webclient
4.3
CVSSv2
CVE-2010-5340
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
Icewarp Webclient
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »