CVE-2021-36580
https://notcve.org/view.php?id=CVE-2021-36580
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. • http://icewarp.com http://mail.ziyan.com https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-8512 – IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8512
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. En IceWarp Webmail Server versiones hasta 11.4.4.1, se presenta una vulnerabilidad XSS en el parámetro color del archivo /webmail/. IceWarp WebMail versions 11.4.4.1 and below suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/47988 http://packetstormsecurity.com/files/156103/IceWarp-WebMail-11.4.4.1-Cross-Site-Scripting.html https://cxsecurity.com/issue/WLB-2020010205 https://packetstormsecurity.com/files/156103/IceWarp-WebMail-11.4.4.1-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •