Product
icewarp web mail
67 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2018-25269
CVE-2025-40632
CVE-2025-40631
CVE-2025-40630
CVE-2024-55218
CVE-2024-0246
CVE-2023-43319
CVE-2023-41013
CVE-2023-39598
CVE-2023-39600
CVE-2023-39700
CVE-2023-39699
CVE-2021-36580
CVE-2023-37728
CVE-2020-25925
CVE-2020-27982
CVE-2020-14066
CVE-2020-14065
CVE-2020-14064
CVE-2020-8512
CVE-2019-19265
CVE-2019-19266
CVE-2010-5340
CVE-2010-5339
CVE-2010-5338
CVE-2010-5337
CVE-2010-5336
CVE-2010-5335
CVE-2010-5334
CVE-2019-12593
CVE-2018-16324
CVE-2018-7475
CVE-2015-1503
CVE-2017-12844
CVE-2011-3580
CVE-2011-3579
CVE-2009-1469
CVE-2009-1468
CVE-2009-1467
CVE-2009-1516
CVE-2008-5734
CVE-2007-5046
CVE-2006-0818
CVE-2006-0817
CVE-2006-2484
CVE-2005-4559
CVE-2005-4558
CVE-2005-4557
CVE-2005-4556
CVE-2005-3133
CVE-2005-3132
CVE-2005-3131
CVE-2005-1491
CVE-2005-1490
CVE-2005-1489
CVE-2005-1488
CVE-2005-0322
CVE-2005-0321
CVE-2005-0320
CVE-2004-1674
CVE-2004-1673
CVE-2004-1672
CVE-2004-1671
CVE-2004-1670
CVE-2004-1669
CVE-2002-1899
CVE-2002-0258
all versions
ICEWARP 10.3.4 and 11.0.0.0 contain a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements
all versions
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the
all versions
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding
all versions
Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect
all versions
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
all versions
A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /i
all versions
Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web
all versions
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML vi
all versions
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code vi
all versions
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
all versions
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter
all versions
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minim
< 13.0.1.2
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer paramete
all versions
IceWarp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
all versions
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script
all versions
IceWarp 11.4.5.0 allows XSS via the language parameter.
all versions
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
all versions
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
all versions
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
<= 11.4.4.1
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
< 12.2.1.1
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for co
< 12.2.1.1
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for ob
>= 10.0 and < 10.2.1
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0
>= 10.0 and < 10.2.1
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-pers
>= 10.0 and < 10.2.1
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-p
>= 10.0 and < 10.2.1
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is n
< 10.2.1
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10
>= 10.0 and < 10.2.1
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp M
>= 10.0 and < 10.2.1
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp M
<= 10.4.4
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style
<= 12.0.3.1
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
all versions
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject a
< 11.2.0
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via
all versions
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain admin
<= 10.3.2
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct requ
<= 10.3.2
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and po
<= 9.3.0
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Serve
<= 9.3.0
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server
<= 9.3.0
Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers
all versions
Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might all
all versions
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inj
all versions
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attacke
all versions
Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and
all versions
Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and
all versions
Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbi
all versions
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, d
all versions
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly rest
all versions
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, al
all versions
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server vers
all versions
Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier version
all versions
MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive i
all versions
Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier
all versions
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewact
all versions
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users t
all versions
Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authentica
all versions
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in
all versions
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP re
all versions
Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inj
all versions
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1)
all versions
accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers
all versions
attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view
all versions
Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive informat
all versions
Multiple directory traversal vulnerabilities in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, all
all versions
Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows
all versions
Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web scrip
all versions
Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow