Primary

Context

IceWarp Server Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in IceWarp Server version 10.2.1. The issue arises in the meta parameter, allowing attackers to inject malicious scripts that are executed immediately when the crafted URL is visited. This could lead to session hijacking, cookie theft, or other attacks.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, inject an XSS payload into the meta parameter of a URL directed at an IceWarp Server 10.2.1 instance. When the URL is accessed, the payload will execute, confirming the vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

7.9

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

7.9

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IceWarp Server Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

IceWarp Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating