Harun

**Name of the Vulnerable Software and Affected Versions** IceWarp version 11.4.5.0 **Description** The issue allows for a Cross-Site Scripting (XSS) attack via the `language` parameter. This can potentially lead to malicious script execution on the client-side. The estimated number of affected devices and real-world incidents are not specified. **Recommendations** For IceWarp version 11.4.5.0, consider disabling the `language` parameter as a temporary workaround until a patch is available. Restrict access to the vulnerable endpoint `/webmail/?language=` to minimize the risk of exploitation. Avoid using the `language` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.