Alt-N MDaemon webmail 20.0.0 Exploit, 'file name' Stored Cross Site Scripting (XSS)

# Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)
# Date: 2020-08-25
# Exploit Author: Kailash Bohara
# Vendor Homepage: https://www.altn.com/
# Version: Mdaemon webmail < 20.0.0
# CVE : 2020-18723

1. Rename a file and set it’s name as <img src=x onerror=alert(1)>.jpg
2. Go to New mail, select recipient and the select attachment. Code gets executed as right after upload so it becomes self XSS.
3. Send the mail to recipient and open email from recipent side. Opening just a mail doesn’t executes the code but when the victim clicks on forward button, XSS pop-up is shown.

All rights reserved nPulse.net 2009 - 2021
Powered by: MVCP 2.0-RC / ASPF / PHP 7.4 / NGINX / FreeBSD