2 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 1

Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. • http://securityreason.com/securityalert/925 http://www.securityfocus.com/archive/1/434121/100/0/threaded http://www.securityfocus.com/bid/17995 https://exchange.xforce.ibmcloud.com/vulnerabilities/26680 •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords. • http://marc.info/?l=bugtraq&m=110693950205007&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19153 •