CVE-2020-18723
23Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 3.8%
from disclosure to weapon5 days
Published on NVDFeb 3
1st PoC+5d
exploitation probability
3.8%top 11% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/161332/Alt-N-MDaemon-Webmail-20.0.0-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49537unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.