MDaemon Technologies
Products (2)
- 6 CVEs
- 4 CVEs
Recent CVEs (10)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-61084 | | High | 0.46 | 7.1 | 0.00 | | Nov 5, 2025 | MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets (<>) in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation,… |
| CVE-2024-11182 | | | 0.13 | — | 0.17 | KEV | Nov 15, 2024 | An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window. |
| CVE-2025-3929 | | | 0.00 | — | 0.00 | | Apr 29, 2025 | An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's… |
| CVE-2022-37238 | | | 0.00 | — | 0.00 | | Aug 25, 2022 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. |
| CVE-2022-37241 | | | 0.00 | — | 0.01 | | Aug 25, 2022 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. |
| CVE-2022-37242 | | | 0.00 | — | 0.01 | | Aug 25, 2022 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter. |
| CVE-2022-37243 | | | 0.00 | — | 0.01 | | Aug 25, 2022 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. |
| CVE-2022-37244 | | | 0.00 | — | 0.00 | | Aug 25, 2022 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection. |
| CVE-2022-37245 | | | 0.00 | — | 0.01 | | Aug 25, 2022 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. |
| CVE-2019-19497 | | | 0.00 | — | 0.01 | | Dec 17, 2019 | MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message. |