3 matches found
CVE-2018-17792
CVE-2018-17792 affects MDaemon Webmail (WorldClient). It is a Cross-Site Request Forgery (CSRF) in the web client. Exploitation could perform unintended actions for an authenticated user; CVSS2 base score 6.8 (MEDIUM) and CVSS3 base score 8.8 (HIGH) with network access, low attack complexity, no ...
CVE-2020-18724
CVE-2020-18724 affects MDaemon Webmail 19.5.5, where an authenticated user can trigger a stored XSS in the contact name field of a distribution list; payloads are executed when opening the contact list. Public exploit details exist (PacketStorm) and a vendor security update (ALTN) is referenced f...
CVE-2020-18723
MDaemon Webmail 19.5.5 is affected by a Stored XSS in the file attachment field. The vulnerability allows an attacker to execute code on the email recipient’s side when forwarding an email. No remediation or patch details are provided in the connected documents. Exploitation status is not specifi...