CVE-2010-5340

Name of the Vulnerable Software and Affected Versions IceWarp Webclient versions prior to 10.2.1

Description The issue is related to a non-persistent XSS vulnerability via an HTTP POST request to the "webmail/" endpoint with the password parameter.

Recommendations For versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "webmail/" endpoint until a patch is available. Avoid using the password parameter in the affected endpoint until the issue is resolved.