CVE-2022-37245

Name of the Vulnerable Software and Affected Versions MDaemon Technologies SecurityGateway for Email Servers version 8.5.2

Description The issue is related to Cross Site Scripting (XSS) and can be exploited via the "Blacklist endpoint". This means that an attacker could potentially inject malicious scripts into the webpage, allowing them to steal user data or take control of the user's session.

Recommendations For version 8.5.2, as a temporary workaround, consider restricting access to the Blacklist endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.