PT-2025-18143 · Unknown · Mdaemon Email Server

Matthieu Faou · Published 2025-04-29 · Updated 2025-04-29 · CVE-2025-3929

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: MDaemon Email Server versions 25.0.1 and below

Description: A Stored Cross-Site Scripting (XSS) issue was discovered, allowing a remote attacker to send a specially crafted HTML e-mail message with JavaScript in an img tag. This could enable the attacker to load arbitrary JavaScript code in the context of a webmail user's browser window and access user data.

Recommendations: For MDaemon Email Server versions 25.0.1 and below, update to a version above 25.0.1 to resolve the issue. As a temporary workaround, consider restricting the use of HTML e-mail messages with JavaScript in the img tag until a patch is available.

Fix

XSS

Related Identifiers: CVE-2025-3929

Affected Products: MDaemon Email Server