CVE-2024-11182
Published Nov 15, 2024
Last updated 2 months ago
AI description
CVE-2024-11182 is a cross-site scripting (XSS) vulnerability found in MDaemon Email Server versions prior to 24.5.1c. The vulnerability arises from insufficient sanitization of user-supplied data when handling IMG tags in email messages. An attacker can exploit this vulnerability by sending a specially crafted HTML email containing JavaScript code within an `<img>` tag. If the recipient opens the email, the malicious JavaScript code could execute within the context of their webmail browser window, potentially leading to unauthorized actions or information disclosure.
- Description
- An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.
- Source
- security@eset.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
- Exploit added on
- May 19, 2025
- Exploit action due
- Jun 9, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/wCHfNfUdnn https://t.co/PAPOEzT26N
@scandaletti
1 Jun 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Operation RoundPress by Fancy Bear exploits XSS vulnerabilities, including CVE-2024-11182 in MDaemon, to deploy SpyPress malware and target Ukrainian government and defense contractors. Global expansion observed in 2024 🌐🚨 #Ukraine #Webmail https://t.co/VxePyZzxE1
@TweetThreatNews
31 May 2025
124 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/CZjriidIcJ https://t.co/1AbHwaZjmw
@iVarunVerma
30 May 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/jDVWewg1ZN https://t.co/tB1N0XW8ga
@mayurk21
30 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/PmT3xl8t4Q https://t.co/CGu0jvg0YP
@SirajD_Official
30 May 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/YyOcGNET2C https://t.co/Wkwk5ZpGJz
@CloudVirtues
29 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MDaemon patched CVE-2024-11182 (reported by ESET) in version 24.5.1 (Nov 14, 2024). Yet ESET only disclosed on May 15, 2025, that the vulnerability had been exploited in the wild from the start. 🤷♂️ #MDaemon #ESET ➡️ https://t.co/wGVFZzR5wP https://t.co/7zJyBZnRHY
@leonov_av
29 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress https://t.co/dsTlrkvPI6 https://t.co/5ujPB43bKm
@IdentityJason
29 May 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-11182 #MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability https://t.co/6ymfk90y3E
@ScyScan
22 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MDaemon XSS Exploited APT actors are exploiting CVE-2024-11182, a critical vulnerability in MDaemon email servers, impacting government and enterprise systems. 🔗https://t.co/1tCPjqyF14 #CyberSecurity #DPI #CVE20241182
@TuringCyberObs
16 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#APT28 Different XSS vulnerabilities being used to target additional webmail software: Horde, MDaemon, and Zimbra. Roundcube CVE-2020-35730 CVE-2023-43770 MDaemon CVE-2024-11182 Outlook Elevation of Privilege Vul CVE-2023-23397 Zimbra CVE-2024-27443 https://t.co/VX2gyK5WkH https:
@blackorbird
16 May 2025
3161 Impressions
22 Retweets
63 Likes
23 Bookmarks
0 Replies
0 Quotes
ロシアのハッカーグループ「Fancy Bear」が、ウクライナの高官や軍需企業のメールアカウントを標的としたサイバースパイ活動を展開。ゼロデイ脆弱性「CVE-2024-11182」を含む複数のWebメールソフトの脆弱性を悪
@01ra66it
15 May 2025
740 Impressions
5 Retweets
10 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2024-11182 Cross-Site Scripting in MDaemon Email Server Pre-24.5.1c An XSS problem was found in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML email with JavaScript inside an img ta... https://t.co/wKv8GukOjz
@VulmonFeeds
15 Nov 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11182 An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could … https://t.co/vw3YUyRw5r
@CVEnew
15 Nov 2024
321 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mdaemon:mdaemon:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4A0C049-0053-4A66-A690-905C4D1E6B79",
"versionEndExcluding": "24.5.1"
}
],
"operator": "OR"
}
]
}
]