MDaemon WorldClient < 12.5.7 Multiple XSS Vulnerabilities

According to its banner, the version of MDaemon's WorldClient is earlier than 12.5.7 and is, therefore, affected by the following cross-site scripting vulnerabilities : - Input supplied in body of an email is not properly sanitized before being presented to the user. Specially crafted email...

CVE-2012-2584

CVE-2012-2584 affects Alt-N MDaemon Free 12.5.4 with multiple XSS in email bodies: CSS expression usage (within STYLE on IMG or other elements) and innerHTML attributes in XML. Root cause is improper sanitization enabling script/HTML injection, leading to potential remote code execution-like impa...