IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability

Vulnerability

A cross-site scripting vulnerability allowing authentication bypass has been identified in IceWarp. This issue arises from improper validation of user-supplied data in a parameter passed to the gmaps webpage, enabling the injection of arbitrary scripts. Exploitation requires user interaction, as the target must visit a malicious page or open a harmful file.

Impact

Exploitation of this vulnerability allows remote attackers to bypass authentication on affected IceWarp installations.

Remediation

IceWarp has released an update to address this vulnerability. Details can be found in the IceWarp community post titled 'EPOS - Update 2 build 8 (14.2.0.8)'.

Added: Dec 23, 2025, 10:24 PM
Updated: Dec 23, 2025, 10:24 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 5.4
exploitability: 6.5
remediation: 7.7
relevance: 1.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.