CVE-2023-39700
https://notcve.org/view.php?id=CVE-2023-39700
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. Se ha descubierto que IceWarp Mail Server v10.4.5 contiene una vulnerabilidad de Cross-Site Scripting reflejado (XSS) a través del parámetro color. • https://cwe.mitre.org/data/definitions/79.html https://drive.google.com/file/d/1QL_517UbTFJox4CXKQpP9fehR1yXRJ-y https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_%28XSS%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39699
https://notcve.org/view.php?id=CVE-2023-39699
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. • https://cwe.mitre.org/data/definitions/98.html https://drive.google.com/file/d/1NkqL4ySJApyPy8B-zDC7vE-QMBQAu8OU https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-36580
https://notcve.org/view.php?id=CVE-2021-36580
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. • http://icewarp.com http://mail.ziyan.com https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-27982 – Icewarp WebMail 11.4.5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-27982
IceWarp 11.4.5.0 allows XSS via the language parameter. IceWarp versión 11.4.5.0, permite un ataque de tipo XSS por medio del parámetro language Icewarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html https://cxsecurity.com/issue/WLB-2020100161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-23824
https://notcve.org/view.php?id=CVE-2020-23824
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. ArGo Soft Mail Server versión 1.8.8.9 está afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para realizar una ejecución de código arbitraria remota. El componente es el panel de administración. • https://github.com/V1n1v131r4/CSRF-on-ArGoSoft-Mail-Server/blob/master/README.md • CWE-352: Cross-Site Request Forgery (CSRF) •