← back
CVE-2020-18723

CVE-2020-18723

EPSS 3.8%
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49537unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xsshttp://packetstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.htmlhttps://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/