Icewarp: community verdicts
3 notable / known-exploited Icewarp CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Icewarp CVE, see NVD ↗.
- CVE-2021-36580MED 6.1EPSS 2%
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
- CVE-2023-37728MED 6.1EPSS 1%
IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter.
- CVE-2023-41013MED 6.1EPSS 1%
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.