CVE-2023-38194
Published 2023-10-21
CVE-2023-38194: An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.
Priority: P3 · 37 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.14% (62.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| superwebmailer | superwebmailer | — | — |
No detection rules found.
Nuclei
SuperWebMailer - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-38194 [MEDIUM] SuperWebMailer - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter.
Template:

```yaml
id: CVE-2023-38194

info:
  name: SuperWebMailer - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter.
  impact: |
    Successful exploitation could allow an attacker to execute malicious scripts in the context of a user's browser, leading to potential data theft or account compromise.
  remediation: |
    Implement input validation and output encoding to prevent XSS attacks in the SuperWebMailer keepalive.php script.
  reference:
    - https://herolab.usd.de/security-advisories/usd-2023-0013/
    - https://nvd.nist.gov/vuln/detail/C
```
No writeups or analysis indexed.