Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icewarp vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
Icewarp Mail Server
6.1
CVSSv3
CVE-2017-7855
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
Icewarp Server 11.3.1.5
6.1
CVSSv3
CVE-2020-25925
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote malicious users to inject arbitrary web script or HTML via the "p4" field.
Icewarp Webclient 10.3.5
5.4
CVSSv3
CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
Icewarp Mail Server
7.5
CVSSv3
CVE-2019-12593
IceWarp Mail Server up to and including 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
Icewarp Mail Server
1 EDB exploit
6.1
CVSSv3
CVE-2018-16324
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
Icewarp Mail Server
NA
CVE-2005-0322
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.
Icewarp Web Mail 5.3.0
Icewarp Web Mail 5.3.2
Merak Mail Server 7.6.0
Merak Mail Server 7.6.4r
9.8
CVSSv3
CVE-2022-35115
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) exists to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
Icewarp Webclient Dc2 13.0.2.9
9.8
CVSSv3
CVE-2023-39699
IceWarp Mail Server v10.4.5 exists to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows malicious users to include or execute files from the local file system of the targeted server.
Icewarp Mail Server 10.4.5
6.1
CVSSv3
CVE-2023-39700
IceWarp Mail Server v10.4.5 exists to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
Icewarp Mail Server 10.4.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »