[] NeoSense
E X P L O I T S
title author type platform port cve id

Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)

Author: Kailash Bohara
type: webapps
platform: windows
port: 
date_added: 2021-02-08 
date_updated: 2021-02-08 
verified: 0 
codes: CVE-2020-18724 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)
# Date: 2020-08-25
# Exploit Author: Kailash Bohara
# Vendor Homepage: https://www.altn.com/
# Version: Mdaemon webmail < 20.0.0
# CVE : 2020-18724

1. Go to contact section and distribution list menu. Create a new distribution list.
2. Contact name field is vulnerabile to XSS. Use the payload <img src=x onerror=alert(1)>
3. We can see execution code and after saving it, each time we visits the distribution list section the XSS pop-up is seen.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.