Cross-Site Scripting Vulnerability in IceWarp Products by IceWarp
CVE-2023-39600

6.1MEDIUM

Key Information:

Vendor: Icewarp
Status: Icewarp
Vendor: CVE Published:; 25 August 2023

What is CVE-2023-39600?

An XSS vulnerability has been identified in IceWarp Server, notably in version 11.4.6.0. This flaw allows an attacker to inject malicious scripts through the color parameter, which can be exploited to execute arbitrary JavaScript in the context of a user's session. As a result, unauthorized actions may be carried out on behalf of the affected user, compromising the security and integrity of their data. Users and administrators are advised to implement necessary security measures and update to secure versions to mitigate this risk.

References

https://medium.com/%40katikitala.sushmitha078/cross-site-...

https://icewarp.com

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2023
Vulnerability Reserved
Aug 7, 2023

JSON

Icewarp

What is CVE-2023-39600?

References

CVSS V3.1

Timeline