🔐 CVE Alert

CVE-2024-11182

UNKNOWN 0.0 ⚠️ CISA KEV

Stored XSS vulnerability in MDaemon Email Server

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.

CWE CWE-79
Vendor mdaemon
Product email server
Published Nov 15, 2024
Last Updated Oct 21, 2025
⚠️ Actively Exploited — Act Now


Affected Versions

MDaemon / Email Server
0 ≤ 24.5.0

References

files.mdaemon.com: https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11182

Credits

Matthieu Faou (ESET)