Filtered by vendor Icewarp
Subscriptions
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-5338 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | ||||
| CVE-2010-5337 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | ||||
| CVE-2010-5336 | 1 Icewarp | 1 Webclient | 2024-11-21 | 6.1 Medium |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | ||||
| CVE-2010-5335 | 1 Icewarp | 1 Webclient | 2024-11-21 | 7.5 High |
| IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | ||||
| CVE-2010-5334 | 1 Icewarp | 1 Webclient | 2024-11-21 | 7.5 High |
| IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | ||||