CVE-2020-18723

MEDIUM

MDaemon webmail <19.5.5 - XSS

Title source: llm

Description

Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.

Exploits (1)

exploitdb WRITEUP

by Kailash Bohara · textwebappswindows

https://www.exploit-db.com/exploits/49537

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss

[Vendor Advisory] https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.html

Scores

CVSS v3 5.4

EPSS 0.0320

EPSS Percentile 87.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

altn/mdaemon_webmail < 20.0.1

Published Feb 03, 2021

Tracked Since Feb 18, 2026