CVE-2024-11182

Published Nov 15, 2024

Last updated 24 days ago

Exploit known
CVSS medium 5.3
MDaemon Email Server

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-11182 is a cross-site scripting (XSS) vulnerability (CWE-79) in MDaemon Email Server versions before 24.5.1c. The webmail component does not adequately sanitize user-supplied HTML when it renders IMG tags in a message, so an attacker who can deliver mail to the victim needs no credentials (PR:N in both CVSS vectors below) and only has to send an HTML message with JavaScript carried in an `<img>` tag. When the recipient views that message in webmail (UI:R), the script runs in the origin of the victim's webmail session, where it can act on the mailbox or disclose its contents. CISA added the issue to the Known Exploited Vulnerabilities catalog on May 19, 2025, and the posts collected below tie in-the-wild use to APT28 (Fancy Bear) spear-phishing delivering the SpyPress payload.

Description
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.
Source
security@eset.com
NVD status
Analyzed
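The advisory text only says "JavaScript in an img tag", without naming the attribute or URL form that carried it. The script below is an added example, not MDaemon's code and not ESET's research: it pulls the text/html part out of a raw message, flags every `<img>` whose attributes could run script, and rebuilds the markup with an attribute and src-scheme allowlist, which is the defensive shape a webmail renderer needs. That an on* event-handler attribute or a non-http src scheme is the carrier is an assumption, as is the allowlist itself; the sample message is constructed and is not an MDaemon exploit.

```python
"""Added example, not MDaemon's code or ESET's research: triage one raw
message for <img> tags that carry JavaScript (the CWE-79 shape described
for CVE-2024-11182) and rebuild the HTML with an attribute/scheme allowlist,
which is the fix a webmail renderer needs.  The message is constructed."""
import email
import html
from email import policy
from html.parser import HTMLParser

# Assumptions, not taken from the advisory: script rides into an <img> via
# an on* event-handler attribute or a non-http src scheme, so the sanitiser
# keeps only these attributes and these src schemes.
IMG_ALLOWED_ATTRS = {"src", "alt", "width", "height", "title"}
SAFE_SRC_SCHEMES = ("http://", "https://", "cid:")

# Constructed sample: one benign image, one event-handler payload, one
# javascript: URL.  None of this is a real exploit for MDaemon.
SAMPLE_EML = b"""From: sender@example.invalid
To: victim@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Quarterly report attached.</p>
<img src="https://example.invalid/logo.png" alt="logo" width="80">
<img src="https://example.invalid/missing.png" onerror="alert(document.cookie)">
<img src="javascript:alert(1)" alt="link">
</body></html>
"""


def html_part(raw: bytes) -> str:
    """Return the decoded text/html body of a raw RFC 822 message ('' if none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    return part.get_content() if part is not None else ""


class ImgAuditor(HTMLParser):
    """Record why an <img> is dangerous and re-emit the markup with the
    offending attributes stripped.  Non-img tags pass through unchanged;
    comments and declarations are dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.findings = []
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":                      # HTMLParser lowercases tag names
            self.out.append(self.get_starttag_text())
            return
        kept = []
        for name, value in attrs:             # attribute names already lowercased
            value = value or ""
            if name.startswith("on"):
                self.findings.append(f"img: event handler attribute {name}")
            elif name == "src" and not value.strip().lower().startswith(SAFE_SRC_SCHEMES):
                self.findings.append(f"img: src not on scheme allowlist: {value!r}")
            elif name not in IMG_ALLOWED_ATTRS:
                self.findings.append(f"img: attribute {name} not on allowlist")
            else:
                kept.append((name, value))
        # Re-escape values: HTMLParser hands them over already unescaped.
        self.out.append("<img" + "".join(
            f' {n}="{html.escape(v, quote=True)}"' for n, v in kept) + ">")

    def handle_startendtag(self, tag, attrs):  # <img ... /> is still a void tag
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):          # keep &amp; etc. verbatim
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def triage(raw: bytes):
    """Return (findings, sanitised_html) for one raw message."""
    auditor = ImgAuditor()
    auditor.feed(html_part(raw))
    auditor.close()
    return auditor.findings, "".join(auditor.out)


if __name__ == "__main__":
    found, clean = triage(SAMPLE_EML)
    for f in found:
        print("FINDING:", f)
    print(clean)
```

Run `triage()` over an export of .eml files from the affected server to hunt for messages that reached mailboxes before 24.5.1c was applied; a non-empty findings list on pre-patch mail is the artefact to pivot from. The sanitiser is deliberately an allowlist (known-good attributes and schemes) rather than a denylist of bad ones, because new attribute names and scheme spellings bypass denylists; a production renderer should still use a maintained sanitiser such as DOMPurify rather than this parser.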

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
Exploit added on
May 19, 2025
Exploit action due
Jun 9, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@eset.com
CWE-79
nvd@nist.gov
CWE-79

Social media

Hype score
Not currently trending
  1. Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/wCHfNfUdnn https://t.co/PAPOEzT26N

    @scandaletti

    1 Jun 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Operation RoundPress by Fancy Bear exploits XSS vulnerabilities, including CVE-2024-11182 in MDaemon, to deploy SpyPress malware and target Ukrainian government and defense contractors. Global expansion observed in 2024 🌐🚨 #Ukraine #Webmail https://t.co/VxePyZzxE1

    @TweetThreatNews

    31 May 2025

    124 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/CZjriidIcJ https://t.co/1AbHwaZjmw

    @iVarunVerma

    30 May 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/jDVWewg1ZN https://t.co/tB1N0XW8ga

    @mayurk21

    30 May 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/PmT3xl8t4Q https://t.co/CGu0jvg0YP

    @SirajD_Official

    30 May 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/YyOcGNET2C https://t.co/Wkwk5ZpGJz

    @CloudVirtues

    29 May 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. MDaemon patched CVE-2024-11182 (reported by ESET) in version 24.5.1 (Nov 14, 2024). Yet ESET only disclosed on May 15, 2025, that the vulnerability had been exploited in the wild from the start. 🤷‍♂️ #MDaemon #ESET ➡️ https://t.co/wGVFZzR5wP https://t.co/7zJyBZnRHY

    @leonov_av

    29 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/dsTlrkvPI6 https://t.co/5ujPB43bKm

    @IdentityJason

    29 May 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-11182 #MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability https://t.co/6ymfk90y3E

    @ScyScan

    22 May 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. MDaemon XSS Exploited APT actors are exploiting CVE-2024-11182, a critical vulnerability in MDaemon email servers, impacting government and enterprise systems. 🔗https://t.co/1tCPjqyF14 #CyberSecurity #DPI #CVE20241182

    @TuringCyberObs

    16 May 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. #APT28 Different XSS vulnerabilities being used to target additional webmail software: Horde, MDaemon, and Zimbra. Roundcube CVE-2020-35730 CVE-2023-43770 MDaemon CVE-2024-11182 Outlook Elevation of Privilege Vul CVE-2023-23397 Zimbra CVE-2024-27443 https://t.co/VX2gyK5WkH https:

    @blackorbird

    16 May 2025

    3161 Impressions

    22 Retweets

    63 Likes

    23 Bookmarks

    0 Replies

    0 Quotes

12. The Russian hacker group "Fancy Bear" is running a cyber-espionage campaign against the email accounts of senior Ukrainian officials and defence companies, exploiting vulnerabilities in several webmail products, including the zero-day "CVE-2024-11182"

    @01ra66it

    15 May 2025

    740 Impressions

    5 Retweets

    10 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-11182 Cross-Site Scripting in MDaemon Email Server Pre-24.5.1c An XSS problem was found in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML email with JavaScript inside an img ta... https://t.co/wKv8GukOjz

    @VulmonFeeds

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2024-11182 An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could … https://t.co/vw3YUyRw5r

    @CVEnew

    15 Nov 2024

    321 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes
