Medium severity6.1NVD Advisory· Published Apr 22, 2026· Updated May 26, 2026
CVE-2018-25269
CVE-2018-25269
Description
ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/45974nvdExploitVDB Entry
- www.vulncheck.com/advisories/icewarp-cross-site-scripting-via-email-html-injectionnvdThird Party Advisory
- www.icewarp.comnvdProduct
News mentions
0No linked articles in our index yet.