Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient (CVE-2020–25925)

Introduction

This article is a write up on how I found Cross Site Scripting (Reflected-XSS) in Webmail Calender in IceWarp WebClient which gave me a new CVE-2020–25925.

What is Cross Site Scripting (XSS) ?

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same-origin…

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ashish Dhone

Ashish Dhone

Top 120 in the World at Google Hacker’s Ranking & Best Bug Hunter of the Year 2021 | Cyber CounterIntelligence | SRT | CEH | CEH Master | CHFI | CVE x 4