REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26554
Reference (s):
- http://packetstormsecurity.com/files/160077/MailDepot-2033-2.3.3022-Cross-Site-Scripting.html
- https://www.syss.de/pentest-blog/syss-2020-037-persistent-cross-site-scripting-schwachstelle-in-reddoxx-maildepot