This update has been superseded.
MDaemon Patch Bulletin - MD021519
Fix to Webmail vulnerabilities
Published February 15, 2018
Two cross-site scripting (XSS) vulnerabilities in MDaemon Webmail (WorldClient) were recently reported by SecuritiTeam Secure Disclosure (SSD). These vulnerabilities may impact all browser types.
To address this issue, the development team at MDaemon Technologies has released patches for affected versions of MDaemon.
For specific information, see the Affected Software Section below.
Recommendation: For MDaemon installations, MDaemon Technologies recommends that administrators download and install the appropriate update listed below.
Known Issues: There are no known issues that customers may experience when installing this patch.
The following versions of MDaemon have been tested and determined to be affected. Other versions are not affected. Please download the file version AND language based upon your current installation.
Frequently Asked Questions (FAQ) Related to This Update
What is the impact?
These attacks may impact all users of MDaemon Webmail (formerly known as WorldClient).
What versions of MDaemon are affected?
Supported versions of MDaemon Email Server - versions 14.0.0 through 18.5.1. Users of earlier, un-supported versions of MDaemon are also encouraged to upgrade to the latest version to ensure they have the latest patches and security updates.
What do I need to do in order to resolve this issue?
Simply download and install the appropriate patch listed in the Affected Software Section of this update. There is no requirement to renew your license to obtain the fix.
Additional questions can be answered by using the web site Chat Feature in the top right header or by contacting MDaemon Technologies Support.