.. / CVE-2023-39598

Exploit for IceWarp Email Client - Cross Site Scripting (CVE-2023-39598)

Description:

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.

Nuclei Template

View the template here CVE-2023-39598.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-39598.yaml
Copy

References:

https://medium.com/%40muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c
https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c
https://nvd.nist.gov/vuln/detail/CVE-2023-39598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39598