CVE-2012-2584

Alt-N MDaemon Free 12.5.4 - Cross-Site Scripting via Email Message Body

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2584. PoCs published by loneferret.

AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in Alt-N MDaemon Free 12.5.4 by sending a malicious email with an embedded XSS payload. The payload triggers when the email is viewed in a vulnerable client.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document.

Exploits (1)

exploitdb WORKING POC VERIFIED
by loneferret · pythonwebappswindows
https://www.exploit-db.com/exploits/20357

This exploit demonstrates an XSS vulnerability in Alt-N MDaemon Free 12.5.4 by sending a malicious email with an embedded XSS payload. The payload triggers when the email is viewed in a vulnerable client.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Alt-N MDaemon Free 12.5.4
Auth required
Prerequisites: Valid SMTP credentials · Access to a vulnerable MDaemon server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027409
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77543
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54885
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/20357/

Scores

EPSS 0.0323
EPSS Percentile 86.6%

Details

CWE
CWE-79
Status published
Products (1)
altn/mdaemon 12.5.4
Published Aug 12, 2012
Tracked Since Feb 18, 2026