Hallo,
MDaemon Webmail Vulnerabilities
Published March 24, 2020
Summary
A cross-site scripting (XSS) vulnerability in MDaemon Webmail
(WorldClient) was recently reported by Aayush Pokhrel of Eminence Ways
Information Security. This vulnerability may impact all browser types.
To address this issue, the development team at MDaemon Technologies has
released patches for affected versions of MDaemon.
For specific information, see the Affected Software Section below.
Recommendation: For MDaemon installations, MDaemon Technologies
recommends that administrators download and install the appropriate
update listed below
Known Issues: There are no known issues that customers may experience
when installing this patch.
Affected Software
The following versions of MDaemon have been tested and determined to be
affected. Please download the file version AND language based upon your
current installation.
For versions 15.0 - 18.0 we have a replacement DLL. Download the correct
ZIP file, stop MDaemon {and IIS if running Webmail in IIS), extract the
ZIP to \MDaemon\WorldClient\HTML, then start MDaemon (and IIS).
For versions 18.5 - 19.5 we have full installers. Download the correct
installer and run it.
https://www.altn.com/Support/SecurityUpdate/MD032420_MDaemon_EN/
--
syafril
-------
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 20.0-64 Beta E
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.
I have not failed. I've just found 10,000 ways that won't work.
--- Thomas A. Edison
--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia
Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 19.5.5, SecurityGateway 6.5.2
