Alt-N MDaemon Webmail 19.5.5 Contact List contact name cross site scripting


A vulnerability classified as problematic has been found in Alt-N MDaemon Webmail 19.5.5 (Mail Server Software). The issue affects unknown code in the Contact List Handler component. Upgrading eliminates this vulnerability. The upgrade is hosted for download at altn.com.

| Field | 02/04/2021 10:15 AM | 02/23/2021 12:26 PM |
|---|---|---|
| vendor | Alt-N | Alt-N |
| name | MDaemon Webmail | MDaemon Webmail |
| version | 19.5.5 | 19.5.5 |
| component | Contact List Handler | Contact List Handler |
| argument | contact name | contact name |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss | http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss |
| name | Upgrade | Upgrade |
| upgrade_url | https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/ | https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/ |
| cve | CVE-2020-18724 | CVE-2020-18724 |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| type | Mail Server Software | Mail Server Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 4.0 | 3.5 |
| cvss3_vuldb_basescore | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.5 | 3.4 |
| cvss3_meta_basescore | 3.5 | 3.5 |
| cvss3_meta_tempscore | 3.5 | 3.4 |
| price_0day | $0-$5k | $0-$5k |

cve_assigned: 1597269600

cve_nvd_summary: Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list.
