CVE-2023-37728

MEDIUM NUCLEI

Icewarp - XSS

Title source: rule

Description

IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter.

Nuclei Templates (1)

IceWarp Webmail Server v10.2.1 - Cross Site Scripting
MEDIUMVERIFIEDby technicaljunkie,r3Y3r53
Shodan: http.favicon.hash:2144485375 || http.title:"icewarp"
FOFA: title="icewarp" || icon_hash=2144485375

References (3)

Scores

CVSS v3 6.1
EPSS 0.1351
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
icewarp/icewarp 10.2.1
Published Jul 20, 2023
Tracked Since Feb 18, 2026