IceWarp Mail Server Cross-Site Scripting And XML External Entities Vulnerabilities

IceWarp Mail Server is prone to multiple cross-site scripting vulnerabilities and an XML external entity injection vulnerability. Attackers may exploit these issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials and obtain potentially sensitive information from local files; other attacks are also possible.