CVE-2005-0320

Icewarp Web Mail 5.3.0 - Cross-Site Scripting via Login Username or Calendar Fields

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-0320. PoCs published by ShineShadow.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in IceWarp Web Mail, including XSS, HTML injection, arbitrary file creation, and file manipulation. It does not contain executable exploit code but outlines attack vectors and potential impacts.

Description

Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html.

Exploits (2)

exploitdb WRITEUP VERIFIED
by ShineShadow · textwebappsphp
https://www.exploit-db.com/exploits/25068

The provided text describes multiple vulnerabilities in IceWarp Web Mail, including XSS, HTML injection, arbitrary file creation, and file manipulation. It does not contain executable exploit code but outlines attack vectors and potential impacts.

Classification
Writeup 90%
Attack Type
Xss | Info Leak | Other
Complexity
Moderate
Reliability
Theoretical
Target: IceWarp Web Mail (version not specified)
Auth required
Prerequisites: Authenticated access to the webmail interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ShineShadow · textwebappsphp
https://www.exploit-db.com/exploits/25069

The provided text describes multiple vulnerabilities in IceWarp Web Mail, including XSS, HTML injection, arbitrary file creation, and file manipulation. It includes example URLs demonstrating the vulnerabilities but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss | Info Leak | Other
Complexity
Trivial
Reliability
Theoretical
Target: IceWarp Web Mail (version not specified)
Auth required
Prerequisites: Authenticated access to the IceWarp Web Mail application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19147
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12396
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110693950205007&w=2

Scores

EPSS 0.0261
EPSS Percentile 83.5%

Details

Status published
Products (1)
icewarp/web_mail 5.3
Published Jan 28, 2005
Tracked Since Feb 18, 2026