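Title: IceWarp Server webmail component security vulnerability (CVE-2017-7855)
Description: IceWarp Server is a mail server product from the US company IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration, and more. The webmail component is its mailbox component. The 'language' parameter of the webmail component in IceWarp Server version 11.3.1.5 has a security vulnerability. A remote attacker can exploit this vulnerability to steal user sessions and access users' webmail.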
Description
IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language parameter.