CVE-2025-40632
Cross-site scripting (XSS) vulnerability in IceWarp Mail Server
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Icewarp · Icewarp Mail ServerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →