Icewarp Mail_server

19 CVEs affecting Icewarp Mail_server. Latest disclosed: 2025-05-16. Critical: 1, High: 3.

Top CVEs affecting Icewarp Mail_server
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-39699 | Critical | 9.8 | 2023-08-25 | IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerab… |
| CVE-2020-14066 | High | 8.8 | 2020-07-15 | IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. |
| CVE-2019-12593 | High | 7.5 | 2019-06-03 | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. |
| CVE-2015-1503 | High | 7.5 | 2018-05-08 | Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the fi… |
| CVE-2020-14065 | Medium | 6.5 | 2020-07-15 | IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. |
| CVE-2020-14064 | Medium | 6.5 | 2020-07-15 | IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. |
| CVE-2025-40632 | Medium | 6.1 | 2025-05-16 | Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicio… |
| CVE-2025-40631 | Medium | 6.1 | 2025-05-16 | HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScri… |
| CVE-2025-40630 | Medium | 6.1 | 2025-05-16 | Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sendi… |
| CVE-2023-39700 | Medium | 6.1 | 2023-08-25 | IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. |
| CVE-2021-36580 | Medium | 6.1 | 2023-07-27 | Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. |
| CVE-2020-27982 | Medium | 6.1 | 2020-11-02 | IceWarp 11.4.5.0 allows XSS via the language parameter. |
| CVE-2019-19265 | Medium | 6.1 | 2020-01-06 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. |
| CVE-2018-16324 | Medium | 6.1 | 2018-09-01 | In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. |
| CVE-2018-7475 | Medium | 6.1 | 2018-06-30 | Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2019-19266 | Medium | 5.4 | 2020-01-06 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. |
| CVE-2017-12844 | Medium | 4.8 | 2017-08-23 | Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary… |
| CVE-2011-3580 |  |  | 2011-09-30 | IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which… |
| CVE-2011-3579 |  |  | 2011-09-30 | server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to… |