2 matches found
CVE-2019-19497
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message...
CVE-2019-19497
CVE-2019-19497 affects MDaemon Email Server 17.5.1 and is a Cross‑Site Scripting (XSS) vulnerability triggered by the filename of an email attachment. Public docs identify the root cause as a lack of proper validation of client‑side data by the web application, enabling injection of script throug...