CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36580
https://notcve.org/view.php?id=CVE-2021-36580
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. • http://icewarp.com http://mail.ziyan.com https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23824
https://notcve.org/view.php?id=CVE-2020-23824
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. ArGo Soft Mail Server versión 1.8.8.9 está afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para realizar una ejecución de código arbitraria remota. El componente es el panel de administración. • https://github.com/V1n1v131r4/CSRF-on-ArGoSoft-Mail-Server/blob/master/README.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2019-19266 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. IceWarp WebMail Server versión 12.2.0 y versiones 12.1.x anteriores a la versión 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 2 de 2) en notas para objetos. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2020/Jan/1 https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-19265 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. IceWarp WebMail Server versiones 12.2.0 y versiones 12.1.x anteriores a la versión 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 1 de 2) en notas para contactos. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability in notes for contacts. • http://seclists.org/fulldisclosure/2020/Jan/0 https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 2CVE-2019-12593 – IceWarp 10.4.4 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2019-12593
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. En IceWarp Mail Server hasta la versión 10.4.4 un salto de directorio permite una vulnerabilidad de inclusión de archivos locales mediante webmail / calendar / minimizer / index.php? Style = ..% 5c IceWarp versions 10.4.4 and below suffer from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/46959 http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •