Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient (CVE-2020-25925)

Introduction

This article is a write-up on how I found Cross Site Scripting (Reflected XSS) in the Webmail Calendar in IceWarp WebClient, which gave me a new CVE, CVE-2020-25925.

What is Cross Site Scripting (XSS)?

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same-origin…

Information Security Analyst at Persistent Systems | Synack Red Team Member | CEH v10 | CEH Master | Bug Bounty Hunter

Ashish Dhone
