CVE-2020-27982

Name of the Vulnerable Software and Affected Versions IceWarp version 11.4.5.0

Description The issue allows for a Cross-Site Scripting (XSS) attack via the language parameter. This can potentially lead to malicious script execution on the client-side. The estimated number of affected devices and real-world incidents are not specified.

Recommendations For IceWarp version 11.4.5.0, consider disabling the language parameter as a temporary workaround until a patch is available. Restrict access to the vulnerable endpoint /webmail/?language= to minimize the risk of exploitation. Avoid using the language parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.