vulnerability
Alt-N MDaemon: CVE-2024-11182: Improper Neutralization of Input During Web Page Generation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | Nov 15, 2024 | May 20, 2025 | May 21, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Nov 15, 2024
Added
May 20, 2025
Modified
May 21, 2025
Description
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c.
An attacker can send an HTML e-mail message with JavaScript in an img tag.
This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.
An attacker can send an HTML e-mail message with JavaScript in an img tag.
This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.
Solution
alt-n-mdaemon-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.