CVE-2025-40632

Low CVSS: 2.0

Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.

Vendor

Icewarp

Product

Mail Server

CWE

CWE-79

Yayın Tarihi

2025-05-16 11:15:45

Güncelleme

2025-10-09 19:31:29

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-79 Mail Server LOW Icewarp 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-icewarp-mail-server

Benzer Kayıtlar

Low

CVE-2025-40631

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header a…

Medium

CVE-2025-40630

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to…

Medium

CVE-2024-55218

IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.