CVE-2023-39600
published 2023-08-25CVE-2023-39600: IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
PriorityP335medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
1.17%
63.4th percentile
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| icewarp | icewarp | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
IceWarp 11.4.6.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-39600 [MEDIUM] IceWarp 11.4.6.0 - Cross-Site Scripting
IceWarp 11.4.6.0 - Cross-Site Scripting
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
Template:
id: CVE-2023-39600
info:
name: IceWarp 11.4.6.0 - Cross-Site Scripting
author: Imjust0
severity: medium
description: |
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
remediation: |
Apply the latest security patches and updates from the vendor to address this vulnerability.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
reference:
- https://medium.com/@katikitala.sushmitha078/cross-site-scripting-refle
No writeups or analysis indexed.
2023-08-25
Published