Kailash

Name of the Vulnerable Software and Affected Versions: MDaemon webmail version 19.5.5 Description: The issue is related to stored cross-site scripting (XSS) in the file attachment field, allowing an attacker to execute code on the recipient's side when an email is forwarded, potentially leading to malicious activities. Recommendations: For MDaemon webmail version 19.5.5, consider disabling the file attachment field in the webmail interface until a patch is available to prevent exploitation of the stored XSS issue.

Name of the Vulnerable Software and Affected Versions: MDaemon webmail version 19.5.5 Description: The issue is related to an authenticated stored cross-site scripting (XSS) in the contact name field of the distribution list. This allows an attacker to execute code and perform a XSS attack when a contact list is opened. Recommendations: For MDaemon webmail version 19.5.5, update to a version that fixes this issue to prevent stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.