33 matches found
Careto is back: what’s new after 10 years of silence?
During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, our researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor...
CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2024-11182
MDaemon Email Server is affected by CVE-2024-11182: an XSS in HTML emails containing JavaScript in an img tag, exploitable in the webmail UI prior to version 24.5.1c. Impact is loading arbitrary JavaScript in the browser context of a webmail user. The vendor patched to 24.5.1c (Nov 14, 2024); exp...
CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
PT-2024-16805
Name of the Vulnerable Software and Affected Versions MDaemon Email Server versions prior to 24.5.1c Description An XSS issue was discovered in MDaemon Email Server, allowing a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window by sending an HTML...
MDaemon Email Server 安全漏洞
MDaemon Email Server is an email server from MDaemon, Inc. A security vulnerability exists in MDaemon Email Server versions prior to 24.5.1c, which stems from the presence of a cross-site scripting XSS vulnerability that could allow a remote attacker to load arbitrary JavaScript code in the conte...
CVE-2024-11182
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user’s browser window. Recent assessments: Assess...
CVE-2019-19497
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message...
Cross site scripting
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message...
CVE-2019-19497
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message...
CVE-2019-13612
MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB and limits checks to 10 MB even with special configuration, which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious...