id: CVE-2023-39598 info: name: IceWarp Email Client - Cross Site Scripting author: Imjust0 severity: medium description: | Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. reference: - https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c - https://nvd.nist.gov/vuln/detail/CVE-2023-39598 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39598 - https://medium.com/%40muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-39598 cwe-id: CWE-79 epss-score: 0.05054 epss-percentile: 0.92885 cpe: cpe:2.3:a:icewarp:webclient:10.2.1:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: icewarp product: webclient shodan-query: - title:"icewarp" - http.title:"icewarp" fofa-query: title="icewarp" google-query: intitle:"icewarp" tags: cve2023,cve,xss,icewarp http: - method: GET path: - '{{BaseURL}}/webmail/?mid={{to_lower(rand_base(4))}}">' matchers-condition: and matchers: - type: word words: - "" - "icewarp" condition: and - type: word part: header words: - "text/html" - type: status status: - 200 # digest: 4b0a00483046022100b61cc4082f72e9770eabedfb6b301b7590959070f5bb1b6f14227b274ac82bc5022100c14f59d395c1494ad92a9ef23f1b51bb8547b853478e8dfbb4792b31ca0c0d2e:922c64590222798bb761d5b6d8e72950