Icewarp
by IceWarp
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14500 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 23, 2025 | IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists… |
| CVE-2025-14499 | | Hig | 0.57 | 8.8 | 0.01 | | Dec 23, 2025 | IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious… |
| CVE-2018-25269 | | Med | 0.40 | 6.1 | 0.00 | | Apr 22, 2026 | ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that… |
| CVE-2026-2493 | | | 0.04 | — | 0.04 | | Mar 13, 2026 | IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw… |
| CVE-2023-37728 | | | 0.01 | — | 0.01 | | Jul 20, 2023 | IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. |
| CVE-2020-27982 | | | 0.01 | — | 0.05 | | Nov 9, 2020 | IceWarp 11.4.5.0 allows XSS via the language parameter. |
| CVE-2024-0246 | | | 0.00 | — | 0.00 | | Jan 5, 2024 | A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25alert(document.domai… |
| CVE-2023-41013 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. |
| CVE-2023-39600 | | | 0.00 | — | 0.01 | | Aug 25, 2023 | IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. |