Cross-Site Scripting Vulnerability in IceWarp from IceWarp Ltd
CVE-2020-27982

6.1MEDIUM

Key Information:

Vendor: Icewarp
Status: Mail Server
Vendor: CVE Published:; 2 November 2020

What is CVE-2020-27982?

A Cross-Site Scripting (XSS) vulnerability exists in IceWarp WebMail version 11.4.5.0, allowing attackers to exploit the 'language' parameter. This security flaw could enable an attacker to execute arbitrary scripts in the context of unsuspecting users, potentially leading to unauthorized actions or data exposure. Organizations using this affected version should consider immediate patching to mitigate risk.

References

http://packetstormsecurity.com/files/159763/Icewarp-WebMa...

x_refsource_MISC

https://cxsecurity.com/issue/WLB-2020100161

x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2020
Vulnerability Reserved
Oct 28, 2020

JSON