WebClient
by IceWarp
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-39598 | 0.05 | — | 0.01 | Sep 5, 2023 | Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. | |||
| CVE-2023-43319 | 0.00 | — | 0.00 | Sep 25, 2023 | Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | |||
| CVE-2022-35115 | 0.00 | — | 0.01 | Aug 23, 2022 | IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. | |||
| CVE-2020-25925 | 0.00 | — | 0.01 | Jul 7, 2021 | Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | |||
| CVE-2021-32816 | 0.00 | — | 0.01 | May 14, 2021 | ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the… | |||
| CVE-2010-5334 | 0.00 | — | 0.03 | Oct 11, 2019 | IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be… | |||
| CVE-2010-5335 | 0.00 | — | 0.03 | Oct 11, 2019 | IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can… | |||
| CVE-2010-5336 | 0.00 | — | 0.01 | Oct 11, 2019 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | |||
| CVE-2010-5337 | 0.00 | — | 0.01 | Oct 11, 2019 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | |||
| CVE-2010-5338 | 0.00 | — | 0.01 | Oct 11, 2019 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | |||
| CVE-2010-5339 | 0.00 | — | 0.01 | Oct 11, 2019 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | |||
| CVE-2010-5340 | 0.00 | — | 0.01 | Oct 11, 2019 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. |
- CVE-2023-39598Sep 5, 2023risk 0.05cvss —epss 0.01
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
- CVE-2023-43319Sep 25, 2023risk 0.00cvss —epss 0.00
Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
- CVE-2022-35115Aug 23, 2022risk 0.00cvss —epss 0.01
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
- CVE-2020-25925Jul 7, 2021risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
- CVE-2021-32816May 14, 2021risk 0.00cvss —epss 0.01
ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the…
- CVE-2010-5334Oct 11, 2019risk 0.00cvss —epss 0.03
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be…
- CVE-2010-5335Oct 11, 2019risk 0.00cvss —epss 0.03
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can…
- CVE-2010-5336Oct 11, 2019risk 0.00cvss —epss 0.01
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
- CVE-2010-5337Oct 11, 2019risk 0.00cvss —epss 0.01
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
- CVE-2010-5338Oct 11, 2019risk 0.00cvss —epss 0.01
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
- CVE-2010-5339Oct 11, 2019risk 0.00cvss —epss 0.01
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
- CVE-2010-5340Oct 11, 2019risk 0.00cvss —epss 0.01
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.