7 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. IceWarp Webclient versiones anteriores a 10.2.1 presenta una vulnerabilidad de salto de directorio. Esto puede resultar en la pérdida de datos confidenciales de IceWarp Mailserver y el sistema operativo. • https://vuldb.com/?id.142994 https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. IceWarp Webclient versiones anteriores a 10.2.1, presenta una vulnerabilidad de salto de directorio. Esto puede resultar en la pérdida de datos confidenciales de IceWarp Mailserver y el sistema operativo. • https://vuldb.com/?id.142994 https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. IceWarp Webclient versiones anteriores a 10.2.1, presenta una vulnerabilidad de tipo XSS por medio de una petición POST de HTTP: en el archivo admin/login.html con el parámetro username que es persistente en la versión 10.2.0. • https://vuldb.com/?id.142993 https://www.gosecurity.ch/component/content/article/12-services/gosecuritynews/fachartikel/169-gosecurity-advisory-2010120602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. IceWarp Webclient versiones anteriores a 10.2.1, presenta una vulnerabilidad de tipo XSS por medio de una petición POST de HTTP: en el archivo webmail/basic/ con el parámetro _dlg[captcha][controlador] que no es persistente en las versiones 10.1.3 y 10.2.0. • https://vuldb.com/?id.142993 https://www.gosecurity.ch/component/content/article/12-services/gosecuritynews/fachartikel/169-gosecurity-advisory-2010120602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. IceWarp Webclient versiones anteriores a 10.2.1, presenta una vulnerabilidad de tipo XSS por medio de una petición POST de HTTP: en el archivo webmail/basic/ con el parámetro _dlg[captcha][action] que no es persistente en las versiones 10.1.3 y 10.2.0. • https://vuldb.com/?id.142993 https://www.gosecurity.ch/component/content/article/12-services/gosecuritynews/fachartikel/169-gosecurity-advisory-2010120602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •