CVE-2023-39700
Published 2023-08-25
CVE-2023-39700: IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
Priority: P3 · 35 · medium · 6.1 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.38% (68.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| icewarp | mail_server | — | — |
No detection rules found.
Nuclei
IceWarp Mail Server v10.4.5 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-39700 [MEDIUM] IceWarp Mail Server v10.4.5 - Cross-Site Scripting
Template:
```yaml
id: CVE-2023-39700

info:
  name: IceWarp Mail Server v10.4.5 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through the color parameter in the webmail interface to steal email user session cookies and access sensitive email communications.
  remediation: |
    Update IceWarp Mail Server to a version newer than 10.4.5 that properly sanitizes the color parameter and encodes output in th
```
No writeups or analysis indexed.
https://cwe.mitre.org/data/definitions/79.html
https://drive.google.com/file/d/1QL_517UbTFJox4CXKQpP9fehR1yXRJ-y
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_%28XSS%29
Published: 2023-08-25