CVE-2025-14500
- EPSS 0.98%
- Veröffentlicht 23.12.2025 21:19:24
- Zuletzt bearbeitet 29.12.2025 15:58:56
IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability....
CVE-2025-14499
- EPSS 0.26%
- Veröffentlicht 23.12.2025 21:19:13
- Zuletzt bearbeitet 29.12.2025 15:58:56
IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the t...
CVE-2024-55218
- EPSS 0.27%
- Veröffentlicht 07.01.2025 20:15:30
- Zuletzt bearbeitet 02.10.2025 17:00:04
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
CVE-2024-0246
- EPSS 0.07%
- Veröffentlicht 05.01.2024 14:15:48
- Zuletzt bearbeitet 21.11.2024 08:46:08
A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zz...
CVE-2023-41013
- EPSS 0.17%
- Veröffentlicht 12.09.2023 12:15:08
- Zuletzt bearbeitet 21.11.2024 08:20:24
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
CVE-2023-39600
- EPSS 3.22%
- Veröffentlicht 25.08.2023 20:15:08
- Zuletzt bearbeitet 21.11.2024 08:15:41
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2023-37728
- EPSS 13.16%
- Veröffentlicht 20.07.2023 18:15:12
- Zuletzt bearbeitet 21.11.2024 08:12:11
IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter.