CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43319
https://notcve.org/view.php?id=CVE-2023-43319
Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. La vulnerabilidad de Cross Site Scripting (XSS) en la página de inicio de sesión de IceWarp WebClient 10.3.5 permite a los atacantes ejecutar scripts web arbitrarias o HTML a través de un payload manipulado inyectado en el parámetro de nombre de usuario. • https://medium.com/%40muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-43319-c2ad758ac2bc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 10%CPEs: 1EXPL: 0CVE-2023-39598
https://notcve.org/view.php?id=CVE-2023-39598
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. La vulnerabilidad de Cross Site Scripting en WebClient v.10.2.1 de IceWarp Corporation permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado hasta el parámetro mid. • https://medium.com/%40muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35115
https://notcve.org/view.php?id=CVE-2022-35115
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. Se ha detectado que IceWarp WebClient DC2 - Update 2 Build 9 (versión 13.0.2.9) contiene una vulnerabilidad de inyección SQL por medio del parámetro search en el archivo /webmail/server/webmail.php. • https://support.icewarp.com/hc/en-us/community/posts/4419283857297-DC2-Update-2-Build-10-13-0-2-10- https://veysel-xan.com/CVE-2022-35115.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25925
https://notcve.org/view.php?id=CVE-2020-25925
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Webmail Calender en IceWarp WebClient versión 10.3.5, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo "p4" • https://ashketchum.medium.com/cross-site-scripting-xss-in-webmail-calender-in-icewarp-webclient-cve-2020-25925-67e1cbc40bd9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5334
https://notcve.org/view.php?id=CVE-2010-5334
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. IceWarp Webclient versiones anteriores a 10.2.1 presenta una vulnerabilidad de salto de directorio. Esto puede resultar en la pérdida de datos confidenciales de IceWarp Mailserver y el sistema operativo. • https://vuldb.com/?id.142994 https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •