[FD] [RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes

2020-01-02 Thread RedTeam Pentesting GmbH
Advisory: IceWarp: Cross-Site Scripting in Notes During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to cross-site scripting attacks in notes for objects. If attackers with access to the IceWarp system provide a manipulated object that is displayed by

[FD] [RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts

2020-01-02 Thread RedTeam Pentesting GmbH
Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted cross-site scripting attacks in its contact module. If IceWarp users import a manipulated vcard, for example from an