Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)

2021-02-08
ID: 104016
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Date: 2020-08-25
# Exploit Author: Kailash Bohara
# Vendor Homepage: https://www.altn.com/
# Version: Mdaemon webmail < 20.0.0
# CVE : 2020-18723

1. Rename a file and set it’s name as <img src=x onerror=alert(1)>.jpg
2. Go to New mail, select recipient and the select attachment. Code gets executed as right after upload so it becomes self XSS.
3. Send the mail to recipient and open email from recipent side. Opening just a mail doesn’t executes the code but when the victim clicks on forward button, XSS pop-up is shown.
1-4-2 (www01)