Alt-N MDaemon Webmail 19.5.5 File Attachment cross site scripting

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as problematic was found in Alt-N MDaemon Webmail 19.5.5 (Mail Server Software). Affected by this vulnerability is an unknown part of the component File Attachment Handler. Upgrading eliminates this vulnerability. The upgrade is hosted for download at altn.com.

Field02/04/2021 10:15 AM02/23/2021 12:24 PM
vendorAlt-NAlt-N
nameMDaemon WebmailMDaemon Webmail
version19.5.519.5.5
componentFile Attachment HandlerFile Attachment Handler
cwe79 (cross site scripting)79 (cross site scripting)
risk11
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
urlhttp://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xsshttp://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss
nameUpgradeUpgrade
upgrade_urlhttps://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/
cveCVE-2020-18723CVE-2020-18723
date1612393200 (02/04/2021)1612393200 (02/04/2021)
typeMail Server SoftwareMail Server Software
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss2_vuldb_basescore5.05.0
cvss2_vuldb_tempscore5.04.4
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.34.1
cvss3_meta_basescore4.34.3
cvss3_meta_tempscore4.34.1
price_0day$0-$5k$0-$5k
cve_assigned1597269600
cve_nvd_summaryStored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.

Do you know our Splunk app?

Download it now for free!