Description
Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by loneferret · pythonwebappswindows
https://www.exploit-db.com/exploits/20357
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027409
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77543
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/54885
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/20357/
Scores
EPSS
0.0040
EPSS Percentile
60.8%
Details
CWE
CWE-79
Status
published
Products (1)
altn/mdaemon
12.5.4
Published
Aug 12, 2012
Tracked Since
Feb 18, 2026