Mdaemon Email Server
Monthly
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.