# Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS) # Date: 2020-08-25 # Exploit Author: Kailash Bohara # Vendor Homepage: https://www.altn.com/ # Version: Mdaemon webmail < 20.0.0 # CVE : 2020-18724 1. Go to contact section and distribution list menu. Create a new distribution list. 2. Contact name field is vulnerabile to XSS. Use the payload 3. We can see execution code and after saving it, each time we visits the distribution list section the XSS pop-up is seen.