Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

MDaemon Email Server 17.5.1 Stored XSS (CVE-2019-19497)

first i should to say that this is a self xss and N/A for other users! so you can not make an attack .. :)

Introduction :

Step 1 :

Login to your mail .

Step 2 :

Create a new mail .

Step 3 :

Click on attach file .

Step 4 :

Attach your file. your file should to be named as "<svg onload=alert(1)>.png"

Bingo! ;)

This vulnerability is applicable every time you click this section .

alt text

https://nvd.nist.gov/vuln/detail/CVE-2019-19497