Conversation
cisakevtracker@mastodon.social

CISA KEV Tracker

CVE ID: CVE-2024-11182
Vendor: MDaemon
Product: Email Server
Date Added: 2025-05-19
Vulnerability: MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
Notes: https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html ; https://mdaemon.com/pages/downloads-critical-updates ; https://nvd.nist.gov/vuln/detail/CVE-2024-11182
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-11182

0
0
0
buherator

buherator

CVE-2024-11182 also seems like a stored XSS: "attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag" - The '90s called and they want their webmail bugs back!!

RE: https://mastodon.social/@cisakevtracker/114535806650652126
0
0
1
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.