GCVE - cpe:2.3:a:altn:mdaemon:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:altn:mdaemon:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Altn (`1888ca70-ffa0-5f3c-b2bb-c3d15c8c8bf3`)
Product	Mdaemon (`fa8a67e3-2aa7-587a-b692-bdc794d08a7e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-29976`	vulnerable	2026-06-08 05:42:49.992370	Details available An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 . Published: 2022-05-11T12:54:14.000Z Updated: 2024-08-03T06:40:46.361Z Open on db.gcve.eu Reference links https://github.com/haxpunk1337/MDaemon-/blob/main/MDaemon%20XSS%20at%20BCC%20endpoint	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-29975`	vulnerable	2026-06-08 05:42:49.991879	Details available An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 . Published: 2022-05-11T12:53:23.000Z Updated: 2024-08-03T06:40:46.360Z Open on db.gcve.eu Reference links https://github.com/haxpunk1337/MDaemon-/blob/main/MDaemon%20XSS%20at%20CC%20endpoint	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27183`	vulnerable	2026-06-08 05:30:46.027024	Details available An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead to Remote Code Execution. Published: 2021-04-14T22:32:08.000Z Updated: 2024-08-03T20:40:47.444Z Open on db.gcve.eu Reference links https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/ https://github.com/chudyPB/MDaemon-Advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27182`	vulnerable	2026-06-08 05:30:46.026729	Details available An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user. Published: 2021-04-14T22:29:59.000Z Updated: 2024-08-03T20:40:47.424Z Open on db.gcve.eu Reference links https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/ https://github.com/chudyPB/MDaemon-Advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27181`	vulnerable	2026-06-08 05:30:46.026403	Details available An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the value of the anti-CSRF token, the attacker may trick the user into visiting his malicious page and performing any request with the privileges of attacked user. Published: 2021-04-14T22:28:29.000Z Updated: 2024-08-03T20:40:47.502Z Open on db.gcve.eu Reference links https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/ https://github.com/chudyPB/MDaemon-Advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27180`	vulnerable	2026-06-08 05:30:46.025969	Details available An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user. Published: 2021-04-14T22:26:56.000Z Updated: 2024-08-03T20:40:47.519Z Open on db.gcve.eu Reference links https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/ https://github.com/chudyPB/MDaemon-Advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8984`	vulnerable	2026-06-08 05:14:24.786900	Details available MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). Published: 2019-02-21T15:00:00.000Z Updated: 2024-09-16T19:20:39.961Z Open on db.gcve.eu Reference links https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8983`	vulnerable	2026-06-08 05:14:24.786356	Details available MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). Published: 2019-02-21T15:00:00.000Z Updated: 2024-09-17T00:36:36.738Z Open on db.gcve.eu Reference links https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2631`	vulnerable	2026-06-08 04:50:31.444649	Details available The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2008-06-10T00:00:00.000Z Updated: 2024-08-07T09:05:30.386Z Open on db.gcve.eu Reference links http://secunia.com/advisories/30474 https://exchange.xforce.ibmcloud.com/vulnerabilities/42809	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.