Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts
During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted cross-site scripting
attacks in its contact module If IceWarp users import a manipulated
vcard, for example from an email, attackers can run arbitrary JavaScript
code in t ...