CVE-2020-26554

Name of the Vulnerable Software and Affected Versions REDDOXX MailDepot version 2.3.3022

Description The issue allows for Cross-site Scripting (XSS) via an incoming HTML e-mail message. This occurs because the software does not properly sanitize incoming HTML emails, allowing an attacker to inject malicious scripts.

Recommendations For version 2.3.3022, consider disabling the processing of HTML emails until a patch is available to prevent potential XSS attacks. Restrict access to email functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.