Published: 06/01/2020 Updated: 08/01/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

IceWarp WebMail Server 12.2.0 and 12.1.x prior to 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.

Vulnerable Product	Search on Vulmon	Subscribe to Product
icewarp mail server

IceWarp versions 1220 and 121x suffer from a cross site scripting vulnerability in notes for contacts ...

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted cross-site scripting attacks in its contact module If IceWarp users import a manipulated vcard, for example from an email, attackers can run arbitrary JavaScript code in t ...

CWE-79 http://seclists.org/fulldisclosure/2020/Jan/0 https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts https://nvd.nist.gov https://packetstormsecurity.com/files/155814/IceWarp-12.2.0-12.1.x-Cross-Site-Scripting.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-19265

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect