cbcvebase.
CVE-2020-27982
published 2020-11-02

CVE-2020-27982: IceWarp 11.4.5.0 allows XSS via the language parameter.

Priority: P2 (79), medium
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Flags: ITW, EXPLOIT, VulnCheck KEV (exploited in the wild)
EPSS: 5.27% (91.5th percentile)
IceWarp 11.4.5.0 allows XSS via the language parameter.

Affected (1 range)

Vendor | Product | Version range | Fixed in
icewarp | mail_server | | 

Detection & IOCs (extracted from sources)

url: {{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E
path: /webmail/
  • Look for GET requests to /webmail/ with a `language` parameter containing an XSS payload such as URL-encoded `"><img src=x onerror=alert(1)>`
  • Identify exposed IceWarp WebMail instances via Shodan/FOFA using title-based queries for 'icewarp' or 'icewarp server administration'
  • The XSS payload is injected via the `language` GET parameter and reflected in the response body; the vulnerable endpoint is /webmail/ on IceWarp WebMail version 11.4.5.0 specifically
  • No authentication is required (PR:N) and user interaction is required (UI:R), meaning the attack is delivered to a victim via a crafted link

CVSS provenance

nvd, v3.1: 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd, v2.0: 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck: 6.1 MEDIUM