CVE-2020-18723

Опубликовано: 03 фев. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.

Ссылки

http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/
Vendor Advisory
http://kailashbohara.com.np/blog/2020/07/15/mdaemon-stored-xss
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.altn.com/Support/SecurityUpdate/MD082520_MDaemon_EN/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:altn:mdaemon_webmail:*:*:*:*:*:*:*:*

Версия до 20.0.1 (исключая)

EPSS

Процентиль: 87%

0.032

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7c3h-wh3g-298c

github

больше 3 лет назад