2 matches found
CVE-2019-13612
CVE-2019-13612 affects MDaemon Email Server 19 through 20.0.1, where SpamAssassin checks are skipped by default for email messages larger than 2 MB and checks are limited to 10 MB even with configured options. The issue arises from the server’s filtering behavior rather than a generic vulnerabili...
CVE-2019-19497
CVE-2019-19497 affects MDaemon Email Server 17.5.1 and is a Cross‑Site Scripting (XSS) vulnerability triggered by the filename of an email attachment. Public docs identify the root cause as a lack of proper validation of client‑side data by the web application, enabling injection of script throug...