{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T14:44:28.263","vulnerabilities":[{"cve":{"id":"CVE-2025-3929","sourceIdentifier":"security@eset.com","published":"2025-04-29T12:15:32.300","lastModified":"2025-05-12T19:35:32.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and access user data."},{"lang":"es","value":"Se descubrió un problema de XSS en MDaemon Email Server, versión 25.0.1 y anteriores. Un atacante puede enviar un mensaje de correo electrónico HTML especialmente manipulado con JavaScript en una etiqueta img. Esto podría permitir que un atacante remoto cargue código JavaScript arbitrario en el contexto de la ventana del navegador de un usuario de correo web y acceda a sus datos."}],"metrics":{"cvssMetricV40":[{"source":"security@eset.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@eset.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:email_server:*:*:*:*:*:*:*:*","versionStartIncluding":"20.0.0","versionEndExcluding":"20.0.9","matchCriteriaId":"6A98D62A-131D-4FCB-9ED9-2C93388BFA1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:email_server:*:*:*:*:*:*:*:*","versionStartIncluding":"21.0.0","versionEndExcluding":"21.0.8","matchCriteriaId":"A3D33BAB-A28C-4EE6-990D-30FCCF04BE45"},{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:email_server:*:*:*:*:*:*:*:*","versionStartIncluding":"21.5.0","versionEndExcluding":"21.5.6","matchCriteriaId":"009A688F-E717-4D15-8D41-0ABDAD278804"},{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:email_server:*:*:*:*:*:*:*:*","versionStartIncluding":"22.0.0","versionEndExcluding":"22.0.7","matchCriteriaId":"A02B0C57-2252-4D20-93FB-712E3B489FE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:email_server:*:*:*:*:*:*:*:*","versionStartIncluding":"23.0.0","versionEndExcluding":"23.0.4","matchCriteriaId":"92193ED2-92B5-4228-8515-F2E4718602F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:email_server:*:*:*:*:*:*:*:*","versionStartIncluding":"23.5.0","versionEndExcluding":"23.5.5","matchCriteriaId":"6DCB86A7-C9FD-43A0-9333-7F16F6F886E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:email_server:*:*:*:*:*:*:*:*","versionStartIncluding":"24.0.0","versionEndExcluding":"24.0.4","matchCriteriaId":"0BCADC1F-8829-427B-B9BC-AE17E0A46380"},{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:email_server:*:*:*:*:*:*:*:*","versionStartIncluding":"24.5.0","versionEndExcluding":"24.5.3","matchCriteriaId":"0AF35732-9CF3-43D8-B1DA-47D5C250A9E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:email_server:*:*:*:*:*:*:*:*","versionStartIncluding":"25.0.0","versionEndExcluding":"25.0.2","matchCriteriaId":"66F44239-9CFF-4006-AD2F-F75701317CE3"}]}]}],"references":[{"url":"https://mdaemon.com/pages/downloads-critical-updates","source":"security@eset.com","tags":["Release Notes"]}]}}]}