Vulnerability Details CVE-2021-27180
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-27180
-
cpe:2.3:a:altn:mdaemon:12.5.4
-
cpe:2.3:a:altn:mdaemon:14.0.0
-
cpe:2.3:a:altn:mdaemon:14.0.1
-
cpe:2.3:a:altn:mdaemon:14.0.2
-
cpe:2.3:a:altn:mdaemon:14.0.3
-
cpe:2.3:a:altn:mdaemon:14.5.0
-
cpe:2.3:a:altn:mdaemon:14.5.3
-
cpe:2.3:a:altn:mdaemon:15.0.0
-
cpe:2.3:a:altn:mdaemon:15.0.1
-
cpe:2.3:a:altn:mdaemon:15.0.2
-
cpe:2.3:a:altn:mdaemon:15.0.3
-
cpe:2.3:a:altn:mdaemon:15.5.0
-
cpe:2.3:a:altn:mdaemon:15.5.1
-
cpe:2.3:a:altn:mdaemon:15.5.2
-
cpe:2.3:a:altn:mdaemon:15.5.3
-
cpe:2.3:a:altn:mdaemon:16.0.0
-
cpe:2.3:a:altn:mdaemon:16.0.1
-
cpe:2.3:a:altn:mdaemon:16.0.2
-
cpe:2.3:a:altn:mdaemon:16.0.3
-
cpe:2.3:a:altn:mdaemon:16.0.4
-
cpe:2.3:a:altn:mdaemon:16.5.1
-
cpe:2.3:a:altn:mdaemon:16.5.2
-
cpe:2.3:a:altn:mdaemon:17.0.0
-
cpe:2.3:a:altn:mdaemon:17.0.1
-
cpe:2.3:a:altn:mdaemon:17.0.2
-
cpe:2.3:a:altn:mdaemon:17.5.0
-
cpe:2.3:a:altn:mdaemon:17.5.1
-
cpe:2.3:a:altn:mdaemon:17.5.3
-
cpe:2.3:a:altn:mdaemon:18.0.0
-
cpe:2.3:a:altn:mdaemon:18.0.1
-
cpe:2.3:a:altn:mdaemon:18.0.2
-
cpe:2.3:a:altn:mdaemon:18.5.0
-
cpe:2.3:a:altn:mdaemon:18.5.1
-
cpe:2.3:a:altn:mdaemon:18.5.2
-
cpe:2.3:a:altn:mdaemon:18.5.3
-
cpe:2.3:a:altn:mdaemon:9.6.4
-
cpe:2.3:a:altn:mdaemon:9.6.5