Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.
References
Link | Resource |
---|---|
http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-03T17:25:14
Updated: 2021-02-08T18:06:18
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-18723
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-03T18:15:16.053
Modified: 2021-02-25T17:17:48.443
Link: CVE-2020-18723
JSON object: View
Redhat Information
No data.
CWE