Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Icewarp Subscribe
Filtered by product Webclient
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25925 1 Icewarp 1 Webclient 2021-07-09 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
CVE-2010-5334 1 Icewarp 1 Webclient 2019-10-17 7.8 HIGH 7.5 HIGH
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
CVE-2010-5335 1 Icewarp 1 Webclient 2019-10-16 7.8 HIGH 7.5 HIGH
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
CVE-2010-5339 1 Icewarp 1 Webclient 2019-10-15 4.3 MEDIUM 6.1 MEDIUM
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5337 1 Icewarp 1 Webclient 2019-10-15 4.3 MEDIUM 6.1 MEDIUM
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5338 1 Icewarp 1 Webclient 2019-10-15 4.3 MEDIUM 6.1 MEDIUM
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5340 1 Icewarp 1 Webclient 2019-10-15 4.3 MEDIUM 6.1 MEDIUM
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
CVE-2010-5336 1 Icewarp 1 Webclient 2019-10-15 4.3 MEDIUM 6.1 MEDIUM
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.