exploitDog

CVE-2021-27182

Опубликовано: 14 апр. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.

Ссылки

https://github.com/chudyPB/MDaemon-Advisories
Exploit
Third Party Advisory
https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/
Release Notes
Vendor Advisory
https://github.com/chudyPB/MDaemon-Advisories
Exploit
Third Party Advisory
https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:altn:mdaemon:*:*:*:*:*:*:*:*

Версия до 20.0.4 (исключая)

EPSS

Процентиль: 75%

0.00857

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-xqqm-w483-3fhq

github

больше 3 лет назад

An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.

EPSS

Процентиль: 75%

0.00857

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74