IceWarp < Cross-Site Scripting - CVE-2020-8512

In IceWarp Webmail Server through versions and below, there is XSS in the /webmail/ color parameter.

IceWarp is mail and collaboration server software aimed at small to mid-range businesses and as an alternative to services such as Microsoft Exchange. The XSS vulnerability in question was resolved in of IceWarp.

Earlier versions of the technology are vulnerable to a flaw that means an attacker can use an XSS loophole the /WebMail/ color parameter to send a malicious script to unsuspecting admins or users.