Webclient

webclient

Vendor: Icewarp • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-43319 1Icewarp 1Webclient Nov 21, 2024 Sep 25, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
CVE-2023-39598 1Icewarp 1Webclient Nov 21, 2024 Sep 5, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
CVE-2020-25925 1Icewarp 1Webclient Nov 21, 2024 Jul 7, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
CVE-2010-5340 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
CVE-2010-5339 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5338 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5337 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5336 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
CVE-2010-5335 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/...Show more IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.Show less
CVE-2010-5334 1Icewarp 1Webclient Nov 21, 2024 Oct 11, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/inde...Show more IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.Show less