Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icewarp webclient 10.2.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-39598
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote malicious user to execute arbitrary code via a crafted payload to the mid parameter.
Icewarp Webclient 10.2.1
6.1
CVSSv3
CVE-2010-5336
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
Icewarp Webclient
6.1
CVSSv3
CVE-2010-5340
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
Icewarp Webclient
6.1
CVSSv3
CVE-2010-5337
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
Icewarp Webclient
6.1
CVSSv3
CVE-2010-5338
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
Icewarp Webclient
6.1
CVSSv3
CVE-2010-5339
IceWarp Webclient prior to 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
Icewarp Webclient
7.5
CVSSv3
CVE-2010-5334
IceWarp Webclient prior to 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exp...
Icewarp Webclient
7.5
CVSSv3
CVE-2010-5335
IceWarp Webclient prior to 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can the...
Icewarp Webclient
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started