# CVE-2024-11182

> An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.

- **CVSS:** 6.1 (MEDIUM)
- **EPSS:** 15.3%
- **CISA KEV:** yes
- **CWE:** CWE-79

Canonical: https://intel.threadlinqs.com/cve/CVE-2024-11182
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp