Product:

Mail_server

(Icewarp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 16
Date Id Summary Products Score Patch Annotated
2023-07-27 CVE-2021-36580 Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. Icewarp_server, Mail_server 6.1
2023-08-25 CVE-2023-39700 IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. Mail_server 6.1
2023-08-25 CVE-2023-39699 IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. Mail_server 9.8
2020-11-02 CVE-2020-27982 IceWarp 11.4.5.0 allows XSS via the language parameter. Mail_server 6.1
2020-07-15 CVE-2020-14066 IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. Mail_server N/A
2020-07-15 CVE-2020-14065 IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. Mail_server N/A
2020-07-15 CVE-2020-14064 IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. Mail_server N/A
2018-06-30 CVE-2018-7475 Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. Mail_server N/A
2020-01-06 CVE-2019-19266 IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. Mail_server N/A
2020-01-06 CVE-2019-19265 IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. Mail_server N/A