Main Vulnerability Database Vulnerabilities #VU50658

#VU50658 Cross-site scripting in MDaemon - CVE-2020-18723

Published: February 12, 2021

Vulnerability identifier: #VU50658

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Green

CVE-ID: CVE-2020-18723

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
MDaemon

Software vendor:
Alt-N

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Install update from vendor's website.

#VU50658 Cross-site scripting in MDaemon - CVE-2020-18723

Description

Remediation

External links

Please verify you're human