CVE-2023-38192
published 2023-10-21

CVE-2023-38192: An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.

Priority: P2 79, medium, 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: ITW, EXPLOIT, VulnCheck KEV (exploited in the wild)
EPSS: 1.12% (62.0th percentile)

Affected (1 range)

Vendor: superwebmailer
Product: superwebmailer
Version range: (not given)
Fixed in: (not given)

Detection & IOCs (extracted from sources)

path: /superadmincreate.php
command: Password=a">alert(document.domain);&PasswordAgain=b&Language=de&SubmitBtn=Nutzer+erstellen
  • Detect XSS exploitation attempt by matching reflected payload in HTTP response body: look for the string 'Password" value="a">alert(document.domain);' alongside 'SuperWebMailer'
  • Target endpoint is superadmincreate.php; monitor POST requests to this path with crafted Password parameter values containing HTML/JS injection characters (e.g., ">)
  • Shodan query 'title:"SuperWebMailer"' can be used to identify exposed SuperWebMailer instances for asset discovery
  • Vulnerability is specific to SuperWebMailer version 9.00.0.01710; other versions are not confirmed affected
  • The XSS is reflected via the Password field on the superadmin creation page; exploitation requires user interaction (UI:R) per CVSS scoring
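A small detector for the two monitoring bullets above (request-side: POSTs to superadmincreate.php whose Password fields carry HTML/JS breakout characters; response-side: the reflected-payload marker next to the product name). This is an added example, not part of this CVE record or of SuperWebMailer; the request records and the response body are constructed, and the field names checked are the two password fields from the command string on this page.

```python
"""Detection helper for the superadmincreate.php reflected-XSS pattern.

Added example, not part of the CVE record or of SuperWebMailer. The request
records and response body below are constructed for illustration.
"""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs

TARGET_PATH = "/superadmincreate.php"
# Characters that break out of an HTML attribute or open a tag.
INJECTION_CHARS = re.compile(r'["<>]')
# Reflected-payload marker from the IOC list: the Password input's value
# attribute closed early, followed by the alert(document.domain) probe.
REFLECTION_MARKER = re.compile(
    r'Password"\s+value="[^"]*">.*?alert\(document\.domain\)', re.S
)


def flag_request(method: str, path: str, body: str) -> Optional[str]:
    """Return a reason string if a request matches the exploitation pattern, else None.

    Only POSTs to the target path are inspected; the form body is URL-decoded
    so percent-encoded quotes and angle brackets are caught as well.
    """
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return None
    params = parse_qs(body, keep_blank_values=True)
    for field in ("Password", "PasswordAgain"):
        for value in params.get(field, []):
            if INJECTION_CHARS.search(value):
                return f"HTML/JS injection characters in {field} parameter"
    return None


def flag_response(response_body: str) -> bool:
    """True when the response reflects the payload alongside the product name."""
    return (
        "SuperWebMailer" in response_body
        and REFLECTION_MARKER.search(response_body) is not None
    )


# Constructed sample traffic: an ordinary superadmin-creation POST, a POST
# carrying the percent-encoded IOC payload, and an unrelated GET.
SAMPLE_REQUESTS: List[Tuple[str, str, str]] = [
    ("POST", TARGET_PATH,
     "Password=S3cret%21&PasswordAgain=S3cret%21&Language=de&SubmitBtn=Nutzer+erstellen"),
    ("POST", TARGET_PATH,
     "Password=a%22%3Ealert(document.domain)%3B&PasswordAgain=b&Language=de&SubmitBtn=Nutzer+erstellen"),
    ("GET", TARGET_PATH, ""),
]

# Constructed response body in which the server echoes the submitted value.
SAMPLE_RESPONSE = (
    "<html><title>SuperWebMailer</title>"
    '<input type="password" name="Password" value="a">alert(document.domain);">'
    "</html>"
)


def scan_samples() -> Dict[str, object]:
    """Run both detectors over the constructed samples and collect the verdicts."""
    return {
        "requests": [flag_request(m, p, b) for m, p, b in SAMPLE_REQUESTS],
        "response": flag_response(SAMPLE_RESPONSE),
    }


if __name__ == "__main__":
    for verdict in scan_samples()["requests"]:
        print(verdict or "clean")
    print("reflection detected" if scan_samples()["response"] else "no reflection")
```

Decoding the body before matching matters: a proxy or WAF rule that looks for a literal `">` in the raw request misses the same payload sent as `%22%3E`, while the response-side check is independent of how the request was encoded.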

CVSS provenance

nvd: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck: 6.1 MEDIUM