CVE-2024-11182 (GCVE-0-2024-11182)
Vulnerability from cvelistv5 – Published: 2024-11-15 10:43 – Updated: 2025-10-21 22:55
VLAI?
CISA
Summary
An XSS issue was discovered in
MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message
with
JavaScript in an img tag. This could
allow a remote attacker
to load arbitrary JavaScript code in the context of a webmail user's browser window.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MDaemon | Email Server |
Affected:
0 , ≤ 24.5.0
(semver)
Unaffected: 24.5.1 (semver) |
Credits
Matthieu Faou (ESET)
CISA Known Exploited Vulnerability
Data from the CISA Known Exploited Vulnerabilities Catalog
Date added: 2025-05-19
Due date: 2025-06-09
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Used in ransomware: Unknown
Notes: https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html ; https://mdaemon.com/pages/downloads-critical-updates ; https://nvd.nist.gov/vuln/detail/CVE-2024-11182
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11182",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T03:55:39.100663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11182"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:36.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11182"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-19T00:00:00+00:00",
"value": "CVE-2024-11182 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Email Server",
"vendor": "MDaemon",
"versions": [
{
"lessThanOrEqual": "24.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "24.5.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthieu Faou (ESET)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nAn XSS issue was discovered in \n\nMDaemon Email Server before version\u0026nbsp;24.5.1c. An attacker can send an HTML e-mail message \nwith \nJavaScript in an img tag. This could\n allow a remote attacker\n\nto load arbitrary JavaScript code in the context of a webmail user\u0027s browser window.\n\n\n\n\n\n\n\n\u003c/p\u003e"
}
],
"value": "An XSS issue was discovered in \n\nMDaemon Email Server before version\u00a024.5.1c. An attacker can send an HTML e-mail message \nwith \nJavaScript in an img tag. This could\n allow a remote attacker\n\nto load arbitrary JavaScript code in the context of a webmail user\u0027s browser window."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Actively used in the wild.\u003cbr\u003e"
}
],
"value": "Actively used in the wild."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:43:10.960Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS vulnerability in MDaemon Email Server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2024-11182",
"datePublished": "2024-11-15T10:43:10.960Z",
"dateReserved": "2024-11-13T15:38:18.210Z",
"dateUpdated": "2025-10-21T22:55:36.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2024-11182",
"cwes": "[\"CWE-79\"]",
"dateAdded": "2025-05-19",
"dueDate": "2025-06-09",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html ; https://mdaemon.com/pages/downloads-critical-updates ; https://nvd.nist.gov/vuln/detail/CVE-2024-11182",
"product": "Email Server",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.",
"vendorProject": "MDaemon",
"vulnerabilityName": "MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mdaemon:mdaemon:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"24.5.1\", \"matchCriteriaId\": \"F4A0C049-0053-4A66-A690-905C4D1E6B79\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An XSS issue was discovered in \\n\\nMDaemon Email Server before version\\u00a024.5.1c. An attacker can send an HTML e-mail message \\nwith \\nJavaScript in an img tag. This could\\n allow a remote attacker\\n\\nto load arbitrary JavaScript code in the context of a webmail user\u0027s browser window.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema de XSS en MDaemon Email Server anterior a la versi\\u00f3n 24.5.1c. Un atacante puede enviar un mensaje de correo electr\\u00f3nico HTML con JavaScript en una etiqueta img. Esto podr\\u00eda permitir que un atacante remoto cargue c\\u00f3digo JavaScript arbitrario en el contexto de la ventana del navegador de un usuario de correo web.\"}]",
"id": "CVE-2024-11182",
"lastModified": "2024-11-21T17:15:10.683",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"security@eset.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"PASSIVE\", \"vulnerableSystemConfidentiality\": \"LOW\", \"vulnerableSystemIntegrity\": \"LOW\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"LOW\", \"subsequentSystemIntegrity\": \"LOW\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
"published": "2024-11-15T11:15:10.410",
"references": "[{\"url\": \"https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html\", \"source\": \"security@eset.com\", \"tags\": [\"Release Notes\"]}]",
"sourceIdentifier": "security@eset.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@eset.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-11182\",\"sourceIdentifier\":\"security@eset.com\",\"published\":\"2024-11-15T11:15:10.410\",\"lastModified\":\"2025-10-30T20:11:36.900\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An XSS issue was discovered in \\n\\nMDaemon Email Server before version\u00a024.5.1c. An attacker can send an HTML e-mail message \\nwith \\nJavaScript in an img tag. This could\\n allow a remote attacker\\n\\nto load arbitrary JavaScript code in the context of a webmail user\u0027s browser window.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema de XSS en MDaemon Email Server anterior a la versi\u00f3n 24.5.1c. Un atacante puede enviar un mensaje de correo electr\u00f3nico HTML con JavaScript en una etiqueta img. Esto podr\u00eda permitir que un atacante remoto cargue c\u00f3digo JavaScript arbitrario en el contexto de la ventana del navegador de un usuario de correo web.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@eset.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"cisaExploitAdd\":\"2025-05-19\",\"cisaActionDue\":\"2025-06-09\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability\",\"weaknesses\":[{\"source\":\"security@eset.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mdaemon:mdaemon:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.5.1\",\"matchCriteriaId\":\"F4A0C049-0053-4A66-A690-905C4D1E6B79\"}]}]}],\"references\":[{\"url\":\"https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html\",\"source\":\"security@eset.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11182\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"platforms\": [\"Windows\"], \"product\": \"Email Server\", \"vendor\": \"MDaemon\", \"versions\": [{\"lessThanOrEqual\": \"24.5.0\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"24.5.1\", \"versionType\": \"semver\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Matthieu Faou (ESET)\"}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003e\\n\\nAn XSS issue was discovered in \\n\\nMDaemon Email Server before version\u0026nbsp;24.5.1c. An attacker can send an HTML e-mail message \\nwith \\nJavaScript in an img tag. This could\\n allow a remote attacker\\n\\nto load arbitrary JavaScript code in the context of a webmail user\u0027s browser window.\\n\\n\\n\\n\\n\\n\\n\\n\u003c/p\u003e\"}], \"value\": \"An XSS issue was discovered in \\n\\nMDaemon Email Server before version\\u00a024.5.1c. An attacker can send an HTML e-mail message \\nwith \\nJavaScript in an img tag. This could\\n allow a remote attacker\\n\\nto load arbitrary JavaScript code in the context of a webmail user\u0027s browser window.\"}], \"exploits\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Actively used in the wild.\u003cbr\u003e\"}], \"value\": \"Actively used in the wild.\"}], \"impacts\": [{\"capecId\": \"CAPEC-592\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-592 Stored XSS\"}]}], \"metrics\": [{\"cvssV4_0\": {\"Automatable\": \"NOT_DEFINED\", \"Recovery\": \"NOT_DEFINED\", \"Safety\": \"NOT_DEFINED\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"attackVector\": \"NETWORK\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"privilegesRequired\": \"NONE\", \"providerUrgency\": \"NOT_DEFINED\", \"subAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"userInteraction\": \"PASSIVE\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N\", \"version\": \"4.0\", \"vulnAvailabilityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"4a9b9929-2450-4021-b7b9-469a0255b215\", \"shortName\": \"ESET\", \"dateUpdated\": \"2024-11-15T10:43:10.960Z\"}, \"references\": [{\"url\": \"https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"Stored XSS vulnerability in MDaemon Email Server\", \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-11182\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-21T03:55:39.100663Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-05-19\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11182\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11182\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-18T14:54:49.804Z\"}, \"timeline\": [{\"time\": \"2025-05-19T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2024-11182 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
"cveMetadata": "{\"cveId\": \"CVE-2024-11182\", \"assignerOrgId\": \"4a9b9929-2450-4021-b7b9-469a0255b215\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"ESET\", \"dateReserved\": \"2024-11-13T15:38:18.210Z\", \"datePublished\": \"2024-11-15T10:43:10.960Z\", \"dateUpdated\": \"2025-10-21T19:44:14.064Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…