Every CVE whose affected-product data names Icewarp Mail Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2023-39699 — CVSS 9.8 (critical): IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index…
CVE-2020-14066 — CVSS 8.8 (high): IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
CVE-2019-12593 — CVSS 7.5 (high): IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c…
CVE-2015-1503 — CVSS 7.5 (high): Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1)…
CVE-2011-3579 — CVSS 6.4 (medium): server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly…
CVE-2025-40632 — CVSS 6.1 (medium): Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the…
CVE-2025-40630 — CVSS 6.1 (medium): Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to…
CVE-2025-40631 — CVSS 6.1 (medium): HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a…
CVE-2019-19265 — CVSS 6.1 (medium): IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
CVE-2018-7475 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary…
CVE-2021-36580 — CVSS 6.1 (medium): Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
CVE-2023-39700 — CVSS 6.1 (medium): IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2019-19266 — CVSS 5.4 (medium): IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
CVE-2011-3580 — CVSS 5.0 (medium): IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to…
CVE-2017-12844 — CVSS 4.8 (medium): Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators…