Vulnerability Details CVE-2021-27182
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 73.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2021-27182
-
cpe:2.3:a:altn:mdaemon:12.5.4
-
cpe:2.3:a:altn:mdaemon:14.0.0
-
cpe:2.3:a:altn:mdaemon:14.0.1
-
cpe:2.3:a:altn:mdaemon:14.0.2
-
cpe:2.3:a:altn:mdaemon:14.0.3
-
cpe:2.3:a:altn:mdaemon:14.5.0
-
cpe:2.3:a:altn:mdaemon:14.5.3
-
cpe:2.3:a:altn:mdaemon:15.0.0
-
cpe:2.3:a:altn:mdaemon:15.0.1
-
cpe:2.3:a:altn:mdaemon:15.0.2
-
cpe:2.3:a:altn:mdaemon:15.0.3
-
cpe:2.3:a:altn:mdaemon:15.5.0
-
cpe:2.3:a:altn:mdaemon:15.5.1
-
cpe:2.3:a:altn:mdaemon:15.5.2
-
cpe:2.3:a:altn:mdaemon:15.5.3
-
cpe:2.3:a:altn:mdaemon:16.0.0
-
cpe:2.3:a:altn:mdaemon:16.0.1
-
cpe:2.3:a:altn:mdaemon:16.0.2
-
cpe:2.3:a:altn:mdaemon:16.0.3
-
cpe:2.3:a:altn:mdaemon:16.0.4
-
cpe:2.3:a:altn:mdaemon:16.5.1
-
cpe:2.3:a:altn:mdaemon:16.5.2
-
cpe:2.3:a:altn:mdaemon:17.0.0
-
cpe:2.3:a:altn:mdaemon:17.0.1
-
cpe:2.3:a:altn:mdaemon:17.0.2
-
cpe:2.3:a:altn:mdaemon:17.5.0
-
cpe:2.3:a:altn:mdaemon:17.5.1
-
cpe:2.3:a:altn:mdaemon:17.5.3
-
cpe:2.3:a:altn:mdaemon:18.0.0
-
cpe:2.3:a:altn:mdaemon:18.0.1
-
cpe:2.3:a:altn:mdaemon:18.0.2
-
cpe:2.3:a:altn:mdaemon:18.5.0
-
cpe:2.3:a:altn:mdaemon:18.5.1
-
cpe:2.3:a:altn:mdaemon:18.5.2
-
cpe:2.3:a:altn:mdaemon:18.5.3
-
cpe:2.3:a:altn:mdaemon:9.6.4
-
cpe:2.3:a:altn:mdaemon:9.6.5