CVE-2021-27180

Published: 14/04/2021 Updated: 21/04/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in MDaemon prior to 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.

Github Repositories

MDaemon Advisories - CVE-2021-27180, CVE-2021-27181, CVE-2021-27182, CVE-2021-27183

MDaemon-Advisories. MDaemon Advisories: CVE-2021-27180 (Reflected XSS), CVE-2021-27181 (CSRF Token Fixation), CVE-2021-27182 (Iframe injection), CVE-2021-27183 (Remote Code Execution). Those vulnerabilities were already patched in January 2021 and are published for CVE purposes. They can be chained to achieve RCE/Account Takeover over email message (user interaction requir