CVE-2024-11182
Published: 15 November 2024
Summary
CVE-2024-11182 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in MDaemon Email Server (vendor: MDaemon). Its CVSS base score is 5.3 (Medium).
Operationally, it ranks in the top 5.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
An XSS vulnerability tracked as CVE-2024-11182 affects MDaemon Email Server versions prior to 24.5.1c. The flaw resides in the webmail component and stems from insufficient sanitization of HTML email content, allowing JavaScript embedded in an img tag to execute when the message is rendered in a user's browser session.
A remote attacker can exploit the issue by sending a crafted HTML email containing the malicious img tag. When a webmail user views the message, the JavaScript runs in the context of that user's browser, enabling actions such as stealing session tokens or performing unauthorized operations within the webmail interface.
The vendor's release notes at files.mdaemon.com document the fix in version 24.5.1c, while the CISA Known Exploited Vulnerabilities catalog lists the CVE, confirming observed in-the-wild exploitation. The associated EPSS score rose from a low baseline to a peak of 0.2574 on 2025-12-11 before receding to the current value of 0.1352, indicating increased exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33681
Vulnerability details
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.
- CWE(s): CWE-79 (Cross-site Scripting)
- KEV Date Added: 19 May 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): requires validation of all input, including HTML email bodies, so that untrusted JavaScript is rejected or sanitized before it reaches the webmail renderer.
- SI-15 (Information Output Filtering): mandates filtering of the information the webmail application outputs, so that script content embedded in img tags is stripped before display.
- SC-18 (Mobile Code): restricts execution of mobile code (JavaScript) received from external sources such as email messages within the webmail session.
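The controls above describe what a webmail renderer must do with an untrusted HTML body. As an added example, not MDaemon's code or the vendor's fix, the following Python allowlist sanitizer rebuilds the message from parsed tokens so that event-handler attributes and script-scheme URLs on img (and other) tags are removed and script/style elements are dropped together with their content. The tag and attribute allowlist, the function names and the sample message are assumptions constructed for this illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist (assumed for this example, not MDaemon's own rules): anything not listed is dropped.
ALLOWED_TAGS = {"p", "br", "b", "i", "a", "img", "div", "span", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "width", "height"}}
SAFE_SCHEMES = {"http", "https", "cid"}  # no javascript:, data:, vbscript: ...

def _safe_url(value):
    # Browsers ignore control characters and case in the scheme, so normalise before checking.
    scheme = urlparse(re.sub(r"[\x00-\x20\x7f]", "", value).lower()).scheme
    return scheme == "" or scheme in SAFE_SCHEMES

class EmailHtmlSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self._skip = [], False
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):  # drop the element together with its content
            self._skip = True
        elif tag in ALLOWED_TAGS:       # any other tag is dropped, but its escaped text is kept
            kept = []
            for name, value in attrs:
                name, value = name.lower(), value or ""
                if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                    continue  # onerror, onload, style, ... never reach the browser
                if name in ("src", "href") and not _safe_url(value):
                    continue  # javascript:, data:, vbscript: ... URLs are removed
                kept.append(f' {name}="{escape(value, quote=True)}"')
            self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = False
        elif tag in ALLOWED_TAGS and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))  # text can never become markup

def sanitize_email_html(html):
    # Returns a safe rendering of an untrusted HTML e-mail body.
    s = EmailHtmlSanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out)

# Constructed sample of the message class the advisory describes (illustrative, not the real exploit).
SAMPLE_EMAIL_HTML = ('<p>Invoice attached.</p><img src="cid:logo@example" onerror="alert(document.cookie)" alt="logo">'
                     '<img src="javascript:alert(1)"><script>alert(1)</script>')
```

Running `sanitize_email_html(SAMPLE_EMAIL_HTML)` keeps the paragraph and the cid-referenced image but leaves no event handler, script URL or script element in the output; the webmail renderer should then serve that output under a Content Security Policy rather than relying on the filter alone.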