PT-2024-15408 · Icewarp · Icewarp

Chor4O · Published 2024-01-05 · Updated 2024-05-17 · CVE-2024-0246

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

IceWarp versions 12.0.2.1 through 12.0.3.1

Description

An issue has been discovered in the Utility Download Handler component, in the /install/ file. Manipulating the lang argument with a specific input leads to cross-site scripting. The attack can be initiated remotely.

Recommendations

For IceWarp versions 12.0.2.1 through 12.0.3.1, consider restricting access to the Utility Download Handler component until a fix is available. As a temporary workaround, avoid using the lang argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-0246

Affected Products

Icewarp