CVE-2010-5337

Name of the Vulnerable Software and Affected Versions IceWarp Webclient versions prior to 10.2.1

Description The issue is related to a non-persistent XSS vulnerability via an HTTP POST request to the "webmail/basic/" endpoint with the parameter dlg[captcha][controller]. This affects versions prior to 10.2.1, with specific mentions of non-persistent issues in versions 10.1.3 and 10.2.0.

Recommendations For versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "webmail/basic/" endpoint until a patch is available. Avoid using the parameter dlg[captcha][controller] in the affected API endpoint until the issue is resolved.