CVE-2021-36580
https://notcve.org/view.php?id=CVE-2021-36580
An Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. • http://icewarp.com http://mail.ziyan.com https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-19266 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19266
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2020/Jan/1 https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19265 – IceWarp 12.2.0 / 12.1.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19265
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. IceWarp versions 12.2.0 and 12.1.x suffer from a cross site scripting vulnerability in notes for contacts. • http://seclists.org/fulldisclosure/2020/Jan/0 https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16324
https://notcve.org/view.php?id=CVE-2018-16324
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. • https://cxsecurity.com/issue/WLB-2018080098 https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7475
https://notcve.org/view.php?id=CVE-2018-7475
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. Cross-site scripting (XSS) vulnerability in webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote authenticated attackers to inject web scripts or HTML. • https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475 https://www.youtube.com/watch?v=8_3Q80JrMm4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')