CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39699
https://notcve.org/view.php?id=CVE-2023-39699
24 Aug 2023 — IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. • https://cwe.mitre.org/data/definitions/98.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 15%CPEs: 1EXPL: 1CVE-2023-39700
https://notcve.org/view.php?id=CVE-2023-39700
24 Aug 2023 — IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. Se ha descubierto que IceWarp Mail Server v10.4.5 contiene una vulnerabilidad de Cross-Site Scripting reflejado (XSS) a través del parámetro color. • https://cwe.mitre.org/data/definitions/79.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 12%CPEs: 2EXPL: 0CVE-2021-36580
https://notcve.org/view.php?id=CVE-2021-36580
27 Jul 2023 — Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. • http://icewarp.com • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 13%CPEs: 1EXPL: 3CVE-2020-27982 – Icewarp WebMail 11.4.5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-27982
29 Oct 2020 — IceWarp 11.4.5.0 allows XSS via the language parameter. IceWarp versión 11.4.5.0, permite un ataque de tipo XSS por medio del parámetro language Icewarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/159763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 2CVE-2020-14066
https://notcve.org/view.php?id=CVE-2020-14066
15 Jul 2020 — IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. IceWarp Email Server versión 12.3.0.1, permite a atacantes remotos cargar archivos JavaScript que son peligrosos para que los clientes accedan • https://github.com/pinpinsec/CVE-2020-14066 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 2CVE-2020-14065
https://notcve.org/view.php?id=CVE-2020-14065
15 Jul 2020 — IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. IceWarp Email Server versión 12.3.0.1, permite a atacantes remotos cargar archivos y consumir espacio en disco • https://github.com/pinpinsec/CVE-2020-14065 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14064
https://notcve.org/view.php?id=CVE-2020-14064
15 Jul 2020 — IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. IceWarp Email Server versión 12.3.0.1, presenta un Control de Acceso Incorrecto para las cuentas de usuario • https://github.com/networksecure/CVE-2020-14064 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2019-19266 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19266
03 Jan 2020 — IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. IceWarp WebMail Server versión 12.2.0 y versiones 12.1.x anteriores a la versión 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 2 de 2) en notas para objetos. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability. • https://packetstorm.news/files/id/155826 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2019-19265 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19265
02 Jan 2020 — IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. IceWarp WebMail Server versiones 12.2.0 y versiones 12.1.x anteriores a la versión 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 1 de 2) en notas para contactos. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability in notes for contacts. • https://packetstorm.news/files/id/155814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 75%CPEs: 1EXPL: 3CVE-2019-12593 – IceWarp 10.4.4 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2019-12593
03 Jun 2019 — IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. En IceWarp Mail Server hasta la versión 10.4.4 un salto de directorio permite una vulnerabilidad de inclusión de archivos locales mediante webmail / calendar / minimizer / index.php? Style = ..% 5c IceWarp versions 10.4.4 and below suffer from a local file inclusion vulnerability. • https://packetstorm.news/files/id/153161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •