ICEWARP Multiple Clients, Persistent Cross Site Scripting (XSS)

[Re-post] Original Post, posted on: 15th Feb, 2014 on Xc0re blog. While going through the Icewarp client I found that  it is possible to inject malicious HTML Element tags into the email and cause a Cross site Scripting (XSS) payload to be executed. The versions that I tested on, were  : 11.0.0.0 (2014-01-25) x64  (http://demo.icewarp.com/) …

ICEWARP Multiple Clients, Persistent Cross Site Scripting (XSS) Read More »