CVE-2018-7475

Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
References
Link Resource
https://www.youtube.com/watch?v=8_3Q80JrMm4 Exploit Third Party Advisory
https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/ Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:icewarp:mail_server:12.0.3:*:*:*:*:*:*:*

Information

Published : 2018-06-30 07:29

Updated : 2020-02-06 06:43


NVD link : CVE-2018-7475

Mitre link : CVE-2018-7475


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

icewarp

  • mail_server