CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Stored cross-site scripting XSS in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities...

5.4CVSS5.9AI score0.032EPSS

Exploits2

RedhatCVE•added 2025/05/22 8:47 a.m.•10 views

CVE-2019-8983

MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS issue 1 of 2...

6.1CVSS6.1AI score0.00308EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:44 a.m.•7 views

CVE-2019-8984

MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS issue 2 of 2...

6.1CVSS6.2AI score0.00308EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:43 a.m.•3 views

CVE-2018-17792

MDaemon Webmail formerly WorldClient has CSRF...

8.8CVSS7AI score0.00194EPSS

Exploits0References1

CNVD•added 2021/04/15 12:0 a.m.•7 views

MDaemon Webmail IFRAME Injection Vulnerability

MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. An IFRAME injection vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited by an attacker to perform any action with the privileges of the attacked...

8.8CVSS7AI score0.00857EPSS

Exploits1References1

CNVD•added 2021/04/15 12:0 a.m.•8 views

MDaemon Webmail Cross-Site Scripting Vulnerability

MDaemon Webmail is an application from MDaemon Inc. A cross-site scripting vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited to perform any action with the privileges of the attacked user via a GET request...

6.1CVSS6.1AI score0.00308EPSS

Exploits1References1

CNVD•added 2021/04/15 12:0 a.m.•6 views

MDaemon Webmail Arbitrary File Write Vulnerability

MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. An arbitrary file write vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited by an attacker to create a new file anywhere on the file system, or ca...

7.2CVSS7.7AI score0.04291EPSS

Exploits1References1

CNNVD•added 2021/04/14 12:0 a.m.•3 views

MDaemon Webmail 安全漏洞

7.2CVSS6.4AI score0.04291EPSS

Exploits1References3

CNNVD•added 2021/04/14 12:0 a.m.•3 views

MDaemon Webmail 跨站请求伪造漏洞

MDaemon Webmail is a server-side application used to provide mail services from MDaemon, Inc. in the United States. A security vulnerability exists in MDaemon Webmail versions prior to 20.0.4 that allows an attacker to immobilize an ANTI-CSRF token...

8.8CVSS8AI score0.00131EPSS

Exploits1References3

CNNVD•added 2021/04/14 12:0 a.m.•2 views

MDaemon Technologies WorldClient 跨站脚本漏洞

6.1CVSS5.2AI score0.00308EPSS

Exploits1References3

CNVD•added 2021/03/04 12:0 a.m.•5 views

MDaemon Webmail Cross-Site Scripting Vulnerability (CNVD-2021-14734)

MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. A cross-site scripting vulnerability exists in MDaemon webmail 19.5.5, which allows attackers to execute code and XSS attacks while opening a contact list...

5.4CVSS5.8AI score0.00877EPSS

Exploits2References1

CNVD•added 2021/03/04 12:0 a.m.•8 views

MDaemon Webmail Cross-Site Scripting Vulnerability

MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. A cross-site scripting vulnerability exists in MDaemon webmail 19.5.5 that allows an attacker to execute code on the email recipient's end while forwarding an email...

5.4CVSS6.4AI score0.032EPSS

Exploits2References1

Exploit DB•added 2021/02/08 12:0 a.m.•285 views

Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)

Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail .jpg 2. Go to New mail, select recipient and the select attachment. Code gets executed as right...

7.4AI score

Exploits0

NVD•added 2021/02/03 6:15 p.m.•9 views

CVE-2020-18723

5.4CVSS0.032EPSS

Exploits2References3

OSV•added 2021/02/03 6:15 p.m.•2 views

CVE-2020-18724

Authenticated stored cross-site scripting XSS in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list...

5.4CVSS6AI score

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by