{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25269", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-22T14:30:46.791Z", "datePublished": "2026-04-22T14:57:03.267Z", "dateUpdated": "2026-04-22T15:48:35.082Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-22T14:57:03.267Z"}, "title": "ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection", "descriptions": [{"lang": "en", "value": "ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "affected": [{"vendor": "icewarp", "product": "ICEWARP Client", "versions": [{"version": "10.3.4", "status": "affected"}, {"version": "11.0.0.0", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:icewarp:icewarp:11.0.0.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:icewarp:icewarp:10.3.4:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/45974", "name": "ExploitDB-45974", "tags": ["exploit"]}, {"url": "http://www.icewarp.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/icewarp-cross-site-scripting-via-email-html-injection"}], "credits": [{"lang": "en", "value": "Usman Saeed", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2018-12-11T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T15:47:11.555257Z", "id": "CVE-2018-25269", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T15:48:35.082Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25269", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T15:47:11.555257Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T15:47:52.071Z"}}], "cna": {"title": "ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection", "credits": [{"lang": "en", "type": "finder", "value": "Usman Saeed"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "icewarp", "product": "ICEWARP Client", "versions": [{"status": "affected", "version": "10.3.4"}, {"status": "affected", "version": "11.0.0.0"}]}], "datePublic": "2018-12-11T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/45974", "name": "ExploitDB-45974", "tags": ["exploit"]}, {"url": "http://www.icewarp.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/icewarp-cross-site-scripting-via-email-html-injection", "name": "VulnCheck Advisory: ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:icewarp:icewarp:11.0.0.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:icewarp:icewarp:10.3.4:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-22T14:57:03.267Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25269", "state": "PUBLISHED", "dateUpdated": "2026-04-22T15:48:35.082Z", "dateReserved": "2026-04-22T14:30:46.791Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-22T14:57:03.267Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information."}], "id": "CVE-2018-25269", "lastModified": "2026-04-22T21:23:52.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-22T16:16:47.567", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.icewarp.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/45974"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/icewarp-cross-site-scripting-via-email-html-injection"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T18:27:47.110676+00:00", "value": {"mitigation_remediation": ["Upgrade the Icewarp Client to the latest patched version that removes the object/embed injection vector.", "If an immediate upgrade is not possible, configure the client or corporate email gateway to strip or block object and embed tags as well as data URI schemes before rendering or delivery.", "Implement email filtering rules that detect and sanitize base64\u2011encoded payloads or HTML content containing malformed attachment tags, and enforce stricter sandboxing for email rendering to prevent script execution."], "summary": {"action": "Update Client", "impact": "Client\u2011side XSS allowing session hijacking and data theft"}, "threat_synthesis": {"affected_systems": "Icewarp Client is affected in the 10.3.4 and 11.0.0.0 releases. Both versions allow the described HTML injection when an email is rendered, so any user running those client versions that receives a malicious message is at risk. The issue is confined to the client software and does not affect the Icewarp mail server component directly.", "description_and_impact": "The vulnerability arises from a cross\u2011site scripting flaw in the Icewarp Client that permits attackers to embed base64\u2011encoded payloads inside object and embed tags of an email. When a recipient opens the compromised message, the payload is executed by the client, enabling arbitrary script execution in the user\u2019s browser context. The comic effect can compromise the viewing user\u2019s session and expose sensitive data, as the injected script runs with the same privileges as the user. This flaw is listed as CWE\u201179, a classic reflected XSS weakness.", "risk_and_exploitability": "The CVSS score of 5.1 indicates a medium severity assessment. EPSS data is not available, so the likelihood of widespread exploitation remains undetermined from public metrics. The flaw is not listed in the CISA KEV catalog, suggesting no documented active exploitation at the time of the advisory. Attackers would need to deliver a crafted email containing the malicious payload, so the vulnerability is primarily remote and relies on user interaction. The absence of server\u2011side checks means a malicious sender can freely propagate the exploit via spam or phishing campaigns."}}}}, "created": "2026-04-22T18:30:23.755506+00:00", "updated": "2026-04-22T18:30:23.755515+00:00", "vendors": []}