Known Exploited Vulnerabilities CVE-2024-11182

MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-11182 | MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability | exploitation_technique | T1566 | Phishing | Threat actors can use spearphishing to deliver a malicious JavaScript payload, which then allows exfiltration of sensitive data from the email servers. |
| CVE-2024-11182 | MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Threat actors can use spearphishing to deliver a malicious JavaScript payload, which then allows exfiltration of sensitive data from the email servers. |
| CVE-2024-11182 | MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability | primary_impact | T1567 | Exfiltration Over Web Service | Threat actors can use spearphishing to deliver a malicious JavaScript payload, which then allows exfiltration of sensitive data from the email servers. |