IceWarp 漏洞列表

IceWarp WebClient 存在远程命令执行漏洞，攻击者构造特殊的请求即可远程命令执行 fofa-query: app="IceWarp-公司产品"

IceWarp Mail Server ≤11.4.0存在重定向漏洞，这可能会导致网络钓鱼攻击或其他意外重定向。

IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.

IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language parameter.

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.

IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter.

IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.

IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects.

Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.

IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.

IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.

IceWarp Mail Server version 11.4.0 and below contains an open redirect vulnerability that allows attackers to redirect users to arbitrary external domains through malicious URLs.

IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.

IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language parameter.

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.

IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter.

IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.

IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects.

Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.

IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.

IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.

IceWarp Mail Server version 11.4.0 and below contains an open redirect vulnerability that allows attackers to redirect users to arbitrary external domains through malicious URLs.

IceWarp open redirect vulnerabilities were detected. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

IceWarp WebClient is susceptible to remote code execution.

IceWarp Server是一款全面的企业级通信和协作解决方案，旨在为企业提供邮件、日历、联系人管理、即时通讯、文件共享及其他协作工具。它是一个集成了多种功能的平台，帮助企业提高工作效率和团队协作能力。攻击者可以通过该漏洞获取到用户cookie等信息，窃取用户敏感信息。

IceWarp MailServer是美国IceWarp公司的一款邮件服务器产品，存在一个通过引用参数的开放重定向漏洞，这可能会导致网络钓鱼攻击或其他意外重定向。

IceWarp Webmail Server 11.4.4.1版在/Webmail/color参数中包含一个跨站点脚本漏洞。

IceWarp Mail Server10.4.4版本容易通过webmail/calendar/minimizer/index.php出现本地文件包含漏洞？样式=..%5c目录遍历。

IceWarp WebClient 存在远程命令执行漏洞，攻击者构造特殊的请求即可远程命令执行