MDaemon Email Server 17.5.1 Stored XSS (CVE-2019-19497)
first i should to say that this is a self xss and N/A for other users! so you can not make an attack .. :)
Introduction :
Step 1 :
Login to your mail .
Step 2 :
Create a new mail .
Step 3 :
Click on attach file .
Step 4 :
Attach your file. your file should to be named as "<svg onload=alert(1)>.png"
Bingo! ;)
This vulnerability is applicable every time you click this section .
