KEVIntel
CVSS 5.3 Medium

CVE-2024-11182

PUBLISHED

Stored XSS vulnerability in MDaemon Email Server

Exploited in the wild · Remote · Low complexity

Vendor: MDaemon
Product: Email Server
Published: Nov 15, 2024
EPSS: 37.3% · 97% pctl

Description

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.

cisa

CVSS scores

CVSS v4.0 5.3 Medium

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

CVSS v3.1 6.1 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitation status

Exploited in the wild

Recorded 2025-05-21 13:10:31 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE May 21, 2025

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel