CVE advisoryKnown Exploit
CVE-2024-11182
MDaemon Email Server Cross-Site Scripting Vulnerability.
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A cross-site scripting vulnerability in MDaemon Email Server allows attackers to run arbitrary JavaScript in a user's browser via HTML emails. The U.S. government has identified this as a known exploited vulnerability, posing a business risk.