CNNVD-202512-4034 Information

CNNVD ID

CNNVD-202512-4034

Related CVE

CVE-2025-14499

• CNNVD Published: 2025-12-23

Description (Chinese)

IceWarp是捷克爱思华宝（IceWarp）公司的一种集成式的企业通信和协作平台，旨在为组织提供各种工具和功能，以支持内部和外部沟通、协作和业务流程。 IceWarp存在跨站脚本漏洞，该漏洞源于对传递给gmaps网页的参数处理不当，可能导致跨站脚本攻击和身份验证绕过。

Description (English)

IceWarp is an integrated corporate communication and collaborative platform of the Czech company IceWarp, designed to provide the organization with tools and functions to support internal and external communication, collaboration and business processes. IceWarp has a cross-site script loophole, which stems from the mishandling of the parameters transmitted to the gmaps web page and may lead to cross-site script attacks and cross-checking.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

爱思华宝

Published

2025-12-23

Last Modified

2026-02-24

References

https://support.icewarp.com/hc/en-us/community/posts/40040542307729-EPOS-Update-2-build-8-14-2-0-8 https://www.zerodayinitiative.com/advisories/ZDI-25-1071/

Patch

https://www.icewarp.com/