exploitDog

CVE-2025-40632

Опубликовано: 16 мая 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-icewarp-mail-server
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:icewarp:mail_server:11.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qxgw-cmmh-8chh

CVSS3: 6.1

github

9 месяцев назад

Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.

EPSS

Процентиль: 11%

0.00038

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79