CVE-2010-5338

Name of the Vulnerable Software and Affected Versions IceWarp Webclient versions prior to 10.2.1

Description The issue is related to a non-persistent XSS vulnerability via an HTTP POST request to the "webmail/basic/" endpoint with the parameter dlg[captcha][action]. This vulnerability is present in versions prior to 10.2.1, including 10.1.3 and 10.2.0.

Recommendations For IceWarp Webclient versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "webmail/basic/" endpoint until a patch is available. Avoid using the parameter dlg[captcha][action] in the affected API endpoint until the issue is resolved.