PT-2023-31045 · Mailcow · Mailcow

Derlinkman

Published: 2023-11-30 · Updated: 2023-12-05 · CVE-2023-49077

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions

Mailcow: dockerized versions prior to 2023-11

Description

A Cross-Site Scripting (XSS) issue has been identified within the Quarantine UI of the system, posing a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code.

Recommendations

For versions prior to 2023-11, update to version 2023-11 to resolve the issue. As a temporary workaround, consider restricting access to the Quarantine UI to minimize the risk of exploitation. Avoid using the Quarantine feature until the issue is resolved.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2023-49077
GHSA-46X4-W2FM-5X6G

Affected Products

Mailcow