CVE-2022-41676 MEDIUM

CVE-2022-41676: TEAM JOHNLONG SOFTWARE CO., LTD. MAILD Mail Server - Cross-Site Scripting

Vendor Team Johnlong Software Co., Ltd.
Product MAILD Mail Server
Weakness CWE-85
Published November 29, 2022
Last update April 24, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.

Key dates

02Disclosure timeline

November 29, 2022 CVE published
April 24, 2025 Record updated