CVE-2025-40632
Cross-site scripting (XSS) vulnerability in IceWarp Mail Server
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Icewarp · Icewarp Mail ServerQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →