First published: Tue Sep 12 2023(Updated: )
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Icewarp Icewarp | =10.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-41013 is a vulnerability that allows remote attackers to inject arbitrary web script or HTML in the Webmail Calendar in IceWarp 10.3.1.
CVE-2023-41013 has a severity rating of 6.1, which is considered medium.
IceWarp 10.3.1 is the affected software.
Remote attackers can exploit CVE-2023-41013 by injecting arbitrary web script or HTML via the "p4" field in the Webmail Calendar.
Yes, you can find references for CVE-2023-41013 at the following links: [http://icewrap.com](http://icewrap.com) and [https://medium.com/@katikitala.sushmitha078/cve-2023-41013-789841dcad91](https://medium.com/@katikitala.sushmitha078/cve-2023-41013-789841dcad91)