CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.268

EPSS Ranking 96.1%

CVSS Severity

CVSS v3 Score 6.1

Proposed Action

MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.

Ransomware Campaign

Unknown

References

https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html

Products affected by CVE-2024-11182

Mdaemon » Mdaemon » Version: 5.0

cpe:2.3:a:mdaemon:mdaemon:5.0
Mdaemon » Mdaemon » Version: 5.0.6

cpe:2.3:a:mdaemon:mdaemon:5.0.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-11182

Products

Pricing

Contact Us