CVE-2025-40632

Name of the Vulnerable Software and Affected Versions: Icewarp Mail Server version 11.4.0

Description: The issue is related to cross-site scripting (XSS) that allows an attacker to modify the lastLogin cookie with malicious JavaScript code. This code will be executed when the page is rendered.

Recommendations: For Icewarp Mail Server version 11.4.0, consider updating to a newer version that contains a fix for this issue, as no specific mitigation measures are provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.