VYPR

IceWarp

by IceWarp

CVEs (9)

  • CVE-2025-14500 · Critical · Dec 23, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists…

  • CVE-2025-14499 · High · Dec 23, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious…

  • CVE-2018-25269 · Medium · Apr 22, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    IceWarp 10.3.4 and 11.0.0.0 contain a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that…

  • CVE-2026-2493 · Mar 13, 2026
    risk 0.04 · cvss n/a · epss 0.04

    IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2023-37728 · Jul 20, 2023
    risk 0.01 · cvss n/a · epss 0.01

    IceWarp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.

  • CVE-2020-27982 · Nov 9, 2020
    risk 0.01 · cvss n/a · epss 0.05

    IceWarp 11.4.5.0 allows XSS via the language parameter.

  • CVE-2024-0246 · Jan 5, 2024
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25alert(document.domai…

  • CVE-2023-41013 · Sep 12, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.

  • CVE-2023-39600 · Aug 25, 2023
    risk 0.00 · cvss n/a · epss 0.01

    IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.