Icewarp
Monthly
IceWarp collaboration platform contains an unauthenticated directory traversal vulnerability that allows remote attackers to read sensitive files from the server. The flaw exists in HTTP request handling, enabling access to configuration files, user data, and potentially email contents stored on the server.
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IceWarp collaboration platform contains an unauthenticated directory traversal vulnerability that allows remote attackers to read sensitive files from the server. The flaw exists in HTTP request handling, enabling access to configuration files, user data, and potentially email contents stored on the server.
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.