CVE-2022-37243

Name of the Vulnerable Software and Affected Versions MDaemon Technologies SecurityGateway for Email Servers version 8.5.2

Description The issue concerns a Cross Site Scripting (XSS) vulnerability via the "whitelist endpoint". This means that an attacker could potentially inject malicious scripts into the webpage, which would then be executed by the user's browser. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For MDaemon Technologies SecurityGateway for Email Servers version 8.5.2, consider restricting access to the whitelist endpoint until a fix is available. As a temporary workaround, avoid using the whitelist endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.