Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient (CVE-2020-25925)

Introduction

This article is a write-up on how I found Cross Site Scripting (Reflected XSS) in the Webmail Calendar in IceWarp WebClient, which gave me a new CVE: CVE-2020-25925.

What is Cross Site Scripting (XSS)?

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same-origin…