Filtered by vendor Icewarp
Subscriptions
Filtered by product Icewarp
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14499 | 1 Icewarp | 1 Icewarp | 2025-12-24 | N/A |
| IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a parameter passed to the gmaps webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25441. | ||||
| CVE-2025-14500 | 1 Icewarp | 1 Icewarp | 2025-12-24 | N/A |
| IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27394. | ||||
| CVE-2024-55218 | 1 Icewarp | 2 Icewarp, Server | 2025-10-02 | 6.1 Medium |
| IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter. | ||||
| CVE-2024-0246 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-41013 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | ||||
| CVE-2023-39600 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 6.1 Medium |
| IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. | ||||
| CVE-2023-37728 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 6.1 Medium |
| IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. | ||||
Page 1 of 1.