CVE-2024-0246 | IceWarp 12.0.2.1/12.0.3.1 Utility Download /install/ lang cross site scripting

A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2024-0246. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0246 | IceWarp 12.0.2.1/12.0.3.1 Utility Download /install/ lang cross site scripting

Related Posts

CVE-2024-22808 | Tormach xsTECH CNC Router 2.9.6 Name denial of service

CVE-2024-39532 | Juniper Networks Junos OS/Junos OS Evolved prior 22.3R2 log file (JSA82992)

CVE-2024-38534 | OISF Suricata up to 7.0.5 Modbus stream.reassembly.depth allocation of resources

CVE-2024-23861 | Cups Easy 1.0 URL unitofmeasurementcreate.php unitofmeasurementid cross site scripting