CVE-2018-16324: XSS
First published: Sat Sep 01 2018(Updated: )
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IceWarp Mail Server | <=12.0.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the IceWarp Server XSS?
The vulnerability ID for the IceWarp Server XSS is CVE-2018-16324.
What is the severity of CVE-2018-16324?
The severity of CVE-2018-16324 is medium with a CVSS score of 6.1.
Which version of IceWarp Server is affected by CVE-2018-16324?
IceWarp Server version 12.0.3.1 and earlier is affected by CVE-2018-16324.
What is the Common Weakness Enumeration (CWE) ID for CVE-2018-16324?
The Common Weakness Enumeration (CWE) ID for CVE-2018-16324 is CWE-79.
How can I fix the XSS vulnerability in IceWarp Server?
To fix the XSS vulnerability in IceWarp Server, update to a version later than 12.0.3.1.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/type
- agent/event
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/icewarp
- canonical/icewarp mail server
- version/icewarp mail server/12.0.3.1