IceWarp Mail Server 11.4.0
Approved changes feed: RSS · Atom
cpe:2.3:a:icewarp:mail_server:11.4.0:*:*:*:*:*:*:*
part: a version: 11.4.0 update: *
| Vendor | Icewarp (c8030f23-957a-58b4-8b02-23bd6cb49d34) |
|---|---|
| Product | Mail Server (78879462-47f8-5f95-a8d9-2e9132ea0594) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-40632 |
vulnerable | 2026-06-03 15:01:13.130124 |
Cross-site scripting (XSS) vulnerability in IceWarp Mail Server
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.
Published: 2025-05-16T11:09:59.590Z
Updated: 2025-05-16T13:46:48.664Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-40631 |
vulnerable | 2026-06-03 15:01:13.129650 |
HTTP host header injection vulnerability in IceWarp Mail Server
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.
Published: 2025-05-16T11:09:17.351Z
Updated: 2025-05-16T13:46:34.760Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-40630 |
vulnerable | 2026-06-03 15:01:13.129110 |
Open redirection vulnerability in IceWarp Mail Server
Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “ https://icewarp.domain.com//<MALICIOUS_DOMAIN>/%2e%2e” https://icewarp.domain.com///%2e%2e” . This vulnerability has been tested in Firefox.
Published: 2025-05-16T11:08:18.538Z
Updated: 2025-05-16T13:46:17.479Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.