CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-18723

Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss
http://packetstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.html
https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/
http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss
http://packetstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.html
https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/

Products affected by CVE-2020-18723

Altn » Mdaemon Webmail » Version: N/A

cpe:2.3:a:altn:mdaemon_webmail:-
Altn » Mdaemon Webmail » Version: 14.0

cpe:2.3:a:altn:mdaemon_webmail:14.0
Altn » Mdaemon Webmail » Version: 20.0.0

cpe:2.3:a:altn:mdaemon_webmail:20.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-18723

Products

Pricing

Contact Us