CVE-2010-5339

Name of the Vulnerable Software and Affected Versions IceWarp Webclient versions prior to 10.2.1

Description The issue is related to a non-persistent XSS vulnerability via an HTTP POST request to the "webmail/basic/" endpoint with the parameter dlg[captcha][uid]. This affects versions prior to 10.2.1, with specific mentions of versions 10.1.3 and 10.2.0 being non-persistent.

Recommendations For versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "webmail/basic/" endpoint until a patch is available. Avoid using the parameter dlg[captcha][uid] in the affected API endpoint until the issue is resolved.