🟢 CVE-2024-11182

CVE-2024-11182 is a stored XSS vulnerability in MDaemon Email Server's webmail component that requires an attacker to send a malicious HTML email to victims. While the email server itself is internet-facing, this vulnerability targets user browser sessions rather than providing direct server access, making it a phishing/social engineering attack vector rather than direct server exploitation.

Risk Level: LOW_RISK
CVSS Score: 5.3
Attack Vector: NETWORK
ATT&CK Tactic: Execution
ATT&CK Technique: T1203 — Exploitation for Client Execution
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: PHISHING

CVE Published: 2024-11-15

Added to CISA KEV: 2025-05-19 (185 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-11182 is a medium-severity Cross-Site Scripting (XSS) vulnerability affecting the MDaemon Email Server [1] [3].

Vulnerability Overview
  • Nature of Vulnerability: Stored XSS.
  • Root Cause: Improper sanitization of HTML email content within the webmail interface’s rendering component [3].
  • Attack Method: An attacker can send a specially crafted HTML email containing malicious JavaScript embedded within an `<img>` tag [1].
Exploitation and Impact
  • Exploitation Requirements: The attack is remote and requires a webmail user to view the malicious email [2]. User interaction is a necessary component of the exploit chain.
  • Impact: Successful exploitation allows the attacker to execute arbitrary JavaScript code within the context of the victim's browser session [2]. This can lead to session hijacking, unauthorized actions performed on behalf of the user, or information theft.
  • Active Exploitation/Threat Actors: There is no widely reported evidence of this vulnerability being actively exploited in the wild by specific threat actors, nor is it prominently associated with ransomware campaigns or targeted attacks in public security reporting.
Affected Versions and Mitigation
  • Affected Versions: MDaemon Email Server versions prior to 24.5.1c [1].
  • Patch Status: Users are advised to update to version 24.5.1c or later to remediate the vulnerability.
  • Exploit Availability: While the technical details of the vulnerability are public, there is no widespread report of functional, weaponized exploit tools being publicly distributed for this specific CVE.

Sources

  1. CVE-2024-11182 Detail - NVD

    An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag.

  2. An XSS issue was discovered in MDaemon Email Server... · CVE ...

    An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote…

  3. Zimbra, Draytek, Jira, Tornado, MDaemon CVEs in TPRM

    CVE-2024-11182 is a medium-severity cross-site scripting (XSS) vulnerability affecting MDaemon Email Server versions prior to 24.5.1. The flaw resides in the webmail interface’s HTML email rendering component, where improper sanitization allows attackers to inject malicious JavaScript code via speci…