CVE-2010-5336

Name of the Vulnerable Software and Affected Versions IceWarp Webclient versions 10.2.0 through 10.2.0

Description The issue is related to a persistent XSS vulnerability via an HTTP POST request to the "admin/login.html" endpoint with the username parameter.

Recommendations For IceWarp Webclient version 10.2.0, update to version 10.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the "admin/login.html" endpoint until a patch is available. Avoid using the username parameter in the affected endpoint until the issue is resolved.