.. / CVE-2019-13392

Exploit for MindPalette NateMail 3.0.15 - Cross-Site Scripting (CVE-2019-13392)

Description:

MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim’s browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.

Nuclei Template

View the template here CVE-2019-13392.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-13392.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-13392
https://github.com/ARPSyndicate/kenzer-templates
https://mindpalette.com/tag/natemail/
https://www.doyler.net/security-not-included/natemail-vulnerabilities
https://twitter.com/mindpalette

.. / CVE-2019-13392 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for MindPalette NateMail 3.0.15 - Cross-Site Scripting (CVE-2019-13392)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-13392