Altn mdaemon webmail 20.0.0 file name stored cross site scripting (xss) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-02-08 | Type : webapps | Platform : windows
This exploit / vulnerability Altn mdaemon webmail 20.0.0 file name stored cross site scripting (xss) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)
# Date: 2020-08-25
# Exploit Author: Kailash Bohara
# Vendor Homepage: https://www.altn.com/
# Version: Mdaemon webmail < 20.0.0
# CVE : 2020-18723

1. Rename a file and set it’s name as <img src=x onerror=alert(1)>.jpg
2. Go to New mail, select recipient and the select attachment. Code gets executed as right after upload so it becomes self XSS.
3. Send the mail to recipient and open email from recipent side. Opening just a mail doesn’t executes the code but when the victim clicks on forward button, XSS pop-up is shown.

Altn mdaemon webmail 20.0.0 file name stored cross site scripting (xss)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Altn mdaemon webmail 20.0.0 file name stored cross site scripting (xss) Vulnerability / Exploit