CVE-2024-55218
Published 2025-01-07
CVE-2024-55218: IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
Priority P3 · 35 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.68% (47.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| icewarp | icewarp | — | — |
No detection rules found.
Nuclei
IceWarp Server 10.2.1 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2024-55218 [MEDIUM] IceWarp Server 10.2.1 - Cross-Site Scripting
Template:
```yaml
id: CVE-2024-55218

info:
  name: IceWarp Server 10.2.1 - Cross-Site Scripting
  author: s4e-io
  severity: medium
  description: |
    IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
  impact: |
    Attackers can inject malicious JavaScript through the meta parameter, executing arbitrary code in victim browsers when they visit crafted URLs.
  remediation: |
    Update IceWarp Server to a version later than 10.2.1 that addresses the reflected XSS vulnerability.
  reference:
    - https://resources.s4e.io/blog/icewarp-server-10-2-1-reflected-xss-vulnerability-cve-2024-55218/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-55218
  classific
```
No writeups or analysis indexed.
Published: 2025-01-07