CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-3929

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and access user data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.6%

CVSS Severity

CVSS v3 Score 6.1

References

https://mdaemon.com/pages/downloads-critical-updates

Products affected by CVE-2025-3929

Mdaemon » Email Server » Version: 20.0.0

cpe:2.3:a:mdaemon:email_server:20.0.0
Mdaemon » Email Server » Version: 21.0.0

cpe:2.3:a:mdaemon:email_server:21.0.0
Mdaemon » Email Server » Version: 21.5.0

cpe:2.3:a:mdaemon:email_server:21.5.0
Mdaemon » Email Server » Version: 22.0.0

cpe:2.3:a:mdaemon:email_server:22.0.0
Mdaemon » Email Server » Version: 23.0.0

cpe:2.3:a:mdaemon:email_server:23.0.0
Mdaemon » Email Server » Version: 23.5.0

cpe:2.3:a:mdaemon:email_server:23.5.0
Mdaemon » Email Server » Version: 24.0.0

cpe:2.3:a:mdaemon:email_server:24.0.0
Mdaemon » Email Server » Version: 24.5.0

cpe:2.3:a:mdaemon:email_server:24.5.0
Mdaemon » Email Server » Version: 25.0.0

cpe:2.3:a:mdaemon:email_server:25.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-3929

Products

Pricing

Contact Us