IceWarp Mail Server Host Header Injection Vulnerability Allowing JavaScript Execution

Vulnerability

A host header injection vulnerability has been identified in IceWarp Mail Server version 11.4.0. This vulnerability allows the execution of arbitrary JavaScript code on page load by modifying the Host header to include a payload. The exploitation requires user interaction with a malicious link, which, once clicked, redirects the user and executes the injected script.

Impact

Exploitation of this vulnerability allows for the injection and execution of malicious JavaScript code in the user's browser, potentially leading to cross-site scripting (XSS) attacks.

Remediation

Users can upgrade to IceWarp Mail Server version 13.0.2 to address this vulnerability.
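Independently of the upgrade, a defender can refuse to reflect any Host value that is not a syntactically valid, allowlisted hostname, and can scan access logs for requests that carried a malformed or foreign Host header. The following Python is an added example, not code from the advisory or from IceWarp; the trusted hostnames, the tab-separated log format and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed allowlist of hostnames this server legitimately answers for.
TRUSTED_HOSTS = {"mail.example.com", "webmail.example.com"}

# RFC 1123-style hostname: labels of letters, digits and hyphens joined by dots.
# Angle brackets, quotes, slashes and spaces can never match, so a Host value
# carrying markup is rejected before it can be reflected into a redirect or page.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def host_header_is_trusted(host_header: str, trusted: set[str] = TRUSTED_HOSTS) -> bool:
    """True only if the Host header is a valid hostname (optional :port) on the allowlist.

    Bracketed IPv6 literals are deliberately not accepted; a mail server has a
    known set of names and everything else should be refused, not reflected.
    """
    if not host_header:
        return False
    name, sep, port = host_header.rpartition(":")
    if not sep:  # no port component
        name, port = host_header, ""
    if port and not port.isdigit():
        return False
    if not _HOST_RE.match(name):
        return False
    return name.lower() in trusted


# Constructed sample access-log lines (tab-separated: client, request, status, Host header).
SAMPLE_LOG = """\
203.0.113.5\tGET /webmail/ HTTP/1.1\t200\tmail.example.com
203.0.113.5\tGET /webmail/ HTTP/1.1\t302\tmail.example.com:443
198.51.100.7\tGET /webmail/ HTTP/1.1\t302\tmail.example.com<script>
198.51.100.7\tGET /webmail/ HTTP/1.1\t302\tattacker.example.net
"""


def flag_untrusted_hosts(log_text: str) -> list[tuple[str, str]]:
    """Return (client, host) pairs for requests whose Host header failed validation."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue  # skip lines not in the assumed format
        client, _request, _status, host = parts
        if not host_header_is_trusted(host):
            hits.append((client, host))
    return hits
```

Applied at the edge (reverse proxy or application front end), the same check lets the server answer with a fixed canonical hostname instead of echoing whatever the client sent.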

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.