
CVE-2024-11182

Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 15 November 2024
Modified: 30 October 2025
KEV Added: 19 May 2025
Patch
CVSS v4 Score: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.1352 (94.4th percentile)
Risk Priority: 39 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-11182 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in MDaemon Email Server. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks in the top 5.6% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

An XSS vulnerability tracked as CVE-2024-11182 affects MDaemon Email Server versions prior to 24.5.1c. The flaw resides in the webmail component and stems from insufficient sanitization of HTML email content, allowing JavaScript embedded in an img tag to execute when the message is rendered in a user's browser session.

A remote attacker can exploit the issue by sending a crafted HTML email containing the malicious img tag. When a webmail user views the message, the JavaScript runs in the context of that user's browser, enabling actions such as stealing session tokens or performing unauthorized operations within the webmail interface.

The vendor's release notes at files.mdaemon.com document the fix in version 24.5.1c, while the CISA Known Exploited Vulnerabilities catalog lists the CVE, confirming observed in-the-wild exploitation. The associated EPSS score rose from a low baseline to a peak of 0.2574 on 2025-12-11 before receding to the current value of 0.1352, indicating increased exploitation interest after public disclosure.

EU & UK References

Vulnerability details

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.

CWE(s): CWE-79 (Cross-site Scripting)
KEV Date Added: 19 May 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: mdaemon
Product: mdaemon
Versions: ≤ 24.5.1

Mitigating Controls (NIST 800-53 r5) [AI]

SI-10 Information Input Validation
prevent

Requires validation of all input (including HTML email bodies) to reject or sanitize untrusted JavaScript before it reaches the webmail renderer.

SI-15 Information Output Filtering
prevent

Mandates filtering of information output by the webmail application so that script content embedded in img tags is stripped before display.

SC-18 Mobile Code partial match
prevent

Restricts execution of mobile code (JavaScript) received from external sources such as email messages within the webmail session.
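The root cause described under Deeper analysis and the SI-10 / SI-15 controls listed above come down to the same engineering measure: an HTML e-mail body is untrusted input, and the webmail renderer must pass it through an allowlist sanitizer before inserting it into the page. The script below is an added example written for this page; it is not MDaemon's code and not the vendor's fix. It shows why a tag-only denylist is insufficient for the img-tag vector on this page (the script element is not the problem, the attribute is) by allowlisting elements, allowlisting attributes per element, and checking URL schemes after stripping the control characters browsers ignore. The tag and attribute allowlists, the function names, and the sample message are assumptions constructed for illustration.

```python
"""Allowlist HTML sanitizer for an untrusted HTML e-mail body, run before the
body reaches a webmail renderer (added example; hypothetical code, not
MDaemon's implementation)."""
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Only these elements survive; any other tag is dropped but its text is kept.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "strong", "em", "a", "img", "div", "span",
                "ul", "ol", "li", "blockquote", "table", "tr", "td", "th"}
VOID_TAGS = {"br", "img"}
# Elements whose *content* must be dropped too, not just the tag itself.
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed", "svg", "math"}
# Per-element attribute allowlist: on* event handlers are never listed, so an
# img onerror/onload attribute can never reach the output.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "width", "height"}}
SAFE_SCHEMES = {"href": {"http", "https", "mailto"}, "src": {"http", "https", "cid"}}


def safe_url(attr, value):
    """True if the URL is relative or uses an allowed scheme for this attribute.
    Browsers ignore tabs, newlines and other control characters inside the
    scheme, so strip them before checking or 'java\\tscript:' slips through."""
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20)
    scheme = urlsplit(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES[attr]


class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip = 0  # nesting depth inside a DROP_CONTENT_TAGS element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self._skip += 1
            return
        if self._skip or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:  # HTMLParser lowercases names, decodes entities
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onerror/onload/style and anything unlisted
            if name in SAFE_SCHEMES and not safe_url(name, value):
                continue  # drops javascript:, data:, vbscript: URLs
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self._skip = max(0, self._skip - 1)
            return
        if self._skip or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data, quote=False))  # re-escape text nodes

    # Comments, doctype declarations and processing instructions are dropped.
    def handle_comment(self, data):
        pass

    def handle_decl(self, decl):
        pass

    def handle_pi(self, data):
        pass


def sanitize_html_email(body):
    """Return a rendering-safe HTML fragment built from an untrusted e-mail body."""
    parser = MailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


# Constructed sample message: benign markup mixed with the attribute-handler and
# URL-scheme vectors that a script-tag-only denylist would miss.
SAMPLE_EMAIL = (
    '<p>Hi <b>team</b>,</p>'
    '<img src="cid:logo" alt="logo" onerror="alert(1)">'
    '<a href="JAVA\tSCRIPT:alert(1)">click</a>'
    '<script>alert(1)</script>'
    '<p>See <a href="https://example.com/x?a=1&b=2">the report</a></p>'
)
EXPECTED_OUTPUT = (
    '<p>Hi <b>team</b>,</p>'
    '<img src="cid:logo" alt="logo">'
    '<a>click</a>'
    '<p>See <a href="https://example.com/x?a=1&amp;b=2">the report</a></p>'
)

if __name__ == "__main__":
    print(sanitize_html_email(SAMPLE_EMAIL))
```

The sanitizer keeps the message readable (paragraphs, inline images referenced by cid:, ordinary links) while the onerror handler, the javascript: link and the script block never reach the output, which is the SI-10 input-validation step; SI-15 output filtering is the same allowlist applied at render time. A production webmail deployment would use a maintained sanitizer library rather than hand-rolled code, and would add a Content-Security-Policy header as defence in depth so that any inline script that did slip through would still not execute.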

References