Icewarp Mail_server
19 CVEs affecting Icewarp Mail_server. Latest disclosed: 2025-05-16. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-39699 | Critical | 9.8 | 2023-08-25 | IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerab… |
CVE-2020-14066 | High | 8.8 | 2020-07-15 | IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. |
CVE-2019-12593 | High | 7.5 | 2019-06-03 | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. |
CVE-2015-1503 | High | 7.5 | 2018-05-08 | Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the fi… |
CVE-2020-14065 | Medium | 6.5 | 2020-07-15 | IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. |
CVE-2020-14064 | Medium | 6.5 | 2020-07-15 | IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. |
CVE-2025-40632 | Medium | 6.1 | 2025-05-16 | Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicio… |
CVE-2025-40631 | Medium | 6.1 | 2025-05-16 | HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScri… |
CVE-2025-40630 | Medium | 6.1 | 2025-05-16 | Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sendi… |
CVE-2023-39700 | Medium | 6.1 | 2023-08-25 | IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. |
CVE-2021-36580 | Medium | 6.1 | 2023-07-27 | Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. |
CVE-2020-27982 | Medium | 6.1 | 2020-11-02 | IceWarp 11.4.5.0 allows XSS via the language parameter. |
CVE-2019-19265 | Medium | 6.1 | 2020-01-06 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. |
CVE-2018-16324 | Medium | 6.1 | 2018-09-01 | In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. |
CVE-2018-7475 | Medium | 6.1 | 2018-06-30 | Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. |
CVE-2019-19266 | Medium | 5.4 | 2020-01-06 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. |
CVE-2017-12844 | Medium | 4.8 | 2017-08-23 | Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary… |
CVE-2011-3580 | | 2011-09-30 | IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which… | |
CVE-2011-3579 | | 2011-09-30 | server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to… |