Every CVE whose affected-product data names Icewarp Webclient, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2010-5334 — CVSS 7.5 (high): IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver…
CVE-2010-5335 — CVSS 7.5 (high): IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver…
CVE-2010-5336 — CVSS 6.1 (medium): IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
CVE-2010-5337 — CVSS 6.1 (medium): IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is…
CVE-2010-5338 — CVSS 6.1 (medium): IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent…
CVE-2010-5339 — CVSS 6.1 (medium): IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in…
CVE-2010-5340 — CVSS 6.1 (medium): IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
CVE-2020-25925 — CVSS 6.1 (medium): Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML…
CVE-2023-39598 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a…
CVE-2023-43319 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts…