Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list.
References
Link | Resource |
---|---|
http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-03T17:27:42
Updated: 2021-02-08T18:06:19
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-18724
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-03T18:15:16.100
Modified: 2021-02-25T19:59:34.933
Link: CVE-2020-18724
JSON object: View
Redhat Information
No data.
CWE