VYPR
Vendor

IceWarp

IceWarp, Inc. is a software company located in Prague, Czech Republic. It develops IceWarp Mail Server, an email, messaging and collaboration service for small, medium and enterprise level businesses. IceWarp has offices in the United States, Germany, Russia, India, Dubai, and the Czech Republic. The company has been in business since 1998 and is used by over 50,000 businesses around the world. Its product is an alternative to Exchange Server, Office 365 or G Suite.

Founded 1998
Products
8
CVEs
76
Across products
87
Status
Private

Products

8

Recent CVEs

76
View all 76 CVEs →
  • CVE-2025-14500CriDec 23, 2025
    risk 0.64cvss 9.8epss 0.01

    IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists…

  • CVE-2025-14499HigDec 23, 2025
    risk 0.57cvss 8.8epss 0.01

    IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious…

  • CVE-2015-1503HigMay 8, 2018
    risk 0.56cvss 7.5epss 0.59

    Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or…

  • CVE-2018-25269MedApr 22, 2026
    risk 0.40cvss 6.1epss 0.00

    ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that…

  • CVE-2018-16324MedSep 1, 2018
    risk 0.40cvss 6.1epss 0.01

    In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.

  • CVE-2018-7475MedJun 30, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.

  • CVE-2017-7855MedAug 31, 2017
    risk 0.40cvss 6.1epss 0.02

    In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.

  • CVE-2017-12844MedAug 23, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.

  • CVE-2019-12593Jun 3, 2019
    risk 0.09cvss epss 0.41

    IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.

  • CVE-2003-1192Nov 3, 2003
    risk 0.09cvss epss 0.69

    Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.

  • CVE-2020-8512Jan 31, 2020
    risk 0.06cvss epss 0.15

    In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.

  • CVE-2023-39598Sep 5, 2023
    risk 0.05cvss epss 0.01

    Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.

  • CVE-2026-2493Mar 13, 2026
    risk 0.04cvss epss 0.04

    IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2005-4557Dec 28, 2005
    risk 0.04cvss epss 0.09

    dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal…

  • CVE-2005-4559Dec 28, 2005
    risk 0.04cvss epss 0.09

    mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows…

  • CVE-2005-4558Dec 28, 2005
    risk 0.04cvss epss 0.08

    IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users…

  • CVE-2005-4556Dec 28, 2005
    risk 0.04cvss epss 0.10

    PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1)…

  • CVE-2000-0507Jun 1, 2000
    risk 0.04cvss epss 0.07

    Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.

  • CVE-2023-40779Sep 14, 2023
    risk 0.03cvss epss 0.01

    An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.

  • CVE-2012-2593Feb 6, 2020
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.