Exploits

IceWarp <11.4.4.1 Cross-Site Scripting - CVE-2020-8512

In IceWarp Webmail Server through versions 11.4.4.1 and below, there is XSS in the /webmail/ color parameter.

IceWarp is mail and collaboration server software aimed at small to mid-range businesses and as an alternative to services such as Microsoft Exchange. The XSS vulnerability in question was resolved in 11.4.4.1 of IceWarp.

Earlier versions of the technology are vulnerable to a flaw that means an attacker can use an XSS loophole the /WebMail/ color parameter to send a malicious script to unsuspecting admins or users.