Server
by IceWarp
Source repositories
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14064 | 0.00 | — | 0.01 | Jul 15, 2020 | IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | |||
| CVE-2019-19265 | 0.00 | — | 0.01 | Jan 6, 2020 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | |||
| CVE-2019-19266 | 0.00 | — | 0.01 | Jan 6, 2020 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | |||
| CVE-2011-3580 | 0.00 | — | 0.02 | Sep 30, 2011 | IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function. | |||
| CVE-2008-5734 | 0.00 | — | 0.01 | Dec 26, 2008 | Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message. | |||
| CVE-2007-5046 | 0.00 | — | 0.01 | Sep 24, 2007 | Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload… | |||
| CVE-2005-1488 | 0.00 | — | 0.00 | May 11, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2)… |
- CVE-2020-14064Jul 15, 2020risk 0.00cvss —epss 0.01
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
- CVE-2019-19265Jan 6, 2020risk 0.00cvss —epss 0.01
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
- CVE-2019-19266Jan 6, 2020risk 0.00cvss —epss 0.01
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
- CVE-2011-3580Sep 30, 2011risk 0.00cvss —epss 0.02
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
- CVE-2008-5734Dec 26, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message.
- CVE-2007-5046Sep 24, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload…
- CVE-2005-1488May 11, 2005risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2)…
Page 2 of 2