Vendor coverage
Track published CVEs, severity trends, and remediation context for mdaemon products.
Search results
Showing 1-4 of 4 vulnerabilities.
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and access user data.
CVSS
5.3
MEDIUM
Published
Apr 29, 2025
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.
CVSS
5.3
MEDIUM
Published
Nov 15, 2024
MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators.
CVSS
4.8
MEDIUM
Published
Dec 31, 2023
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
CVSS
5.5
MEDIUM
Published
Dec 31, 2002
