CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35115
https://notcve.org/view.php?id=CVE-2022-35115
23 Aug 2022 — IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. Se ha detectado que IceWarp WebClient DC2 - Update 2 Build 9 (versión 13.0.2.9) contiene una vulnerabilidad de inyección SQL por medio del parámetro search en el archivo /webmail/server/webmail.php. • https://support.icewarp.com/hc/en-us/community/posts/4419283857297-DC2-Update-2-Build-10-13-0-2-10- • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25925
https://notcve.org/view.php?id=CVE-2020-25925
07 Jul 2021 — Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Webmail Calender en IceWarp WebClient versión 10.3.5, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo "p4" • https://ashketchum.medium.com/cross-site-scripting-xss-in-webmail-calender-in-icewarp-webclient-cve-2020-25925-67e1cbc40bd9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 13%CPEs: 1EXPL: 3CVE-2020-27982 – Icewarp WebMail 11.4.5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-27982
29 Oct 2020 — IceWarp 11.4.5.0 allows XSS via the language parameter. IceWarp versión 11.4.5.0, permite un ataque de tipo XSS por medio del parámetro language Icewarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/159763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 2CVE-2020-14066
https://notcve.org/view.php?id=CVE-2020-14066
15 Jul 2020 — IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. IceWarp Email Server versión 12.3.0.1, permite a atacantes remotos cargar archivos JavaScript que son peligrosos para que los clientes accedan • https://github.com/pinpinsec/CVE-2020-14066 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 2CVE-2020-14065
https://notcve.org/view.php?id=CVE-2020-14065
15 Jul 2020 — IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. IceWarp Email Server versión 12.3.0.1, permite a atacantes remotos cargar archivos y consumir espacio en disco • https://github.com/pinpinsec/CVE-2020-14065 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14064
https://notcve.org/view.php?id=CVE-2020-14064
15 Jul 2020 — IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. IceWarp Email Server versión 12.3.0.1, presenta un Control de Acceso Incorrecto para las cuentas de usuario • https://github.com/networksecure/CVE-2020-14064 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 37%CPEs: 1EXPL: 4CVE-2020-8512 – IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8512
27 Jan 2020 — In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. En IceWarp Webmail Server versiones hasta 11.4.4.1, se presenta una vulnerabilidad XSS en el parámetro color del archivo /webmail/. IceWarp WebMail versions 11.4.4.1 and below suffer from a cross site scripting vulnerability. • https://packetstorm.news/files/id/156103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2019-19266 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19266
03 Jan 2020 — IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. IceWarp WebMail Server versión 12.2.0 y versiones 12.1.x anteriores a la versión 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 2 de 2) en notas para objetos. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability. • https://packetstorm.news/files/id/155826 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2019-19265 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19265
02 Jan 2020 — IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. IceWarp WebMail Server versiones 12.2.0 y versiones 12.1.x anteriores a la versión 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 1 de 2) en notas para contactos. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability in notes for contacts. • https://packetstorm.news/files/id/155814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2010-5334
https://notcve.org/view.php?id=CVE-2010-5334
11 Oct 2019 — IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. IceWarp Webclient versiones anteriores a 10.2.1 presenta una vulnerabilidad de salto de directorio. Esto puede resultar en la pé... • https://vuldb.com/?id.142994 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •