Cross-Site Scripting Vulnerability in IceWarp Webclient
CVE-2010-5339

6.1MEDIUM

Key Information:

Vendor: Icewarp
Status: Webclient
Vendor: CVE Published:; 11 October 2019

What is CVE-2010-5339?

IceWarp Webclient versions 10.1.3 and 10.2.0 are susceptible to a Cross-Site Scripting (XSS) vulnerability that can be exploited through HTTP POST requests. The issue arises when the parameter _dlg[captcha][uid] is processed without adequate validation, allowing attackers to inject malicious scripts. This non-persistent XSS can lead to unauthorized actions performed on behalf of users or disclosure of sensitive information.

References

https://www.gosecurity.ch/component/content/article/12-se...

x_refsource_MISC

https://vuldb.com/?id.142993

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2019
Vulnerability Reserved
Oct 11, 2019

JSON

Icewarp

What is CVE-2010-5339?

References

CVSS V3.1

Timeline