Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient (CVE-2020–25925)
2 min readApr 14, 2021
Introduction
This article is a write up on how I found Cross Site Scripting (Reflected-XSS) in Webmail Calender in IceWarp WebClient which gave me a new CVE-2020–25925.
What is Cross Site Scripting (XSS) ?
Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same-origin…