IFRAME Injection Vulnerability in MDaemon Webmail (WorldClient) Allows Privilege Escalation

IFRAME Injection Vulnerability in MDaemon Webmail (WorldClient) Allows Privilege Escalation

CVE-2021-27182 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.

Learn more about our Web App Pen Testing.