Reflected Cross Site Scripting on IceWarp WebClient Product - CVE-2023-43319

Muthumohanprasath - (Imjust0)
Sep 24, 2023


Dear Folks,

Hi, I am Muthumohanprasath, an Independent Security Researcher.

This blog post is about how I found a Cross Site Scripting vulnerability in the Webmail Calendar on IceWarp v10.3.5, which allows an attacker to perform a Cross Site Scripting attack via the username field on the login page.

Affected Product and Its Version: IceWarp WebClient Version: 10.3.5

CVE Assigned to this Vulnerability: CVE-2023-43319

Impact of this Vulnerability:

An attacker can redirect the application user to any malicious website through the XSS payload.

An attacker can steal the credentials entered on the login page by keylogging through the XSS payload.

An attacker can steal the cookies of the application if the victim user is authenticated.

Vulnerable Subdomain I used: http://mail.promaks.net/webmail/

Detailed explanation of how I found this vulnerability:

Step 01: First open the application and go to the sign-in page through this path: http://mail.promaks.net/webmail/calendar/index.html

[Image: IceWarp WebClient Login Page]

From the above image, I can understand that this subdomain is using the IceWarp WebClient, and the version number is 10.3.5.

Now we are on the IceWarp Web Mail Calendar Login page.

Step 02: Fill in the username field with the payload given below.

As you can see, there is a username field on the login page.

Fill that username field with this payload:

Crafted payload: "><img src=x onerror=alert(1)>

Once the above payload has been filled into the username field, just click the Next button on the login page.

You will get an alert box showing 1.

[Image: Execution of JavaScript]

As you can see from the above POC image, this proves that the IceWarp WebClient v10.3.5 Calendar is vulnerable to Reflected Cross Site Scripting through the username field on the login page.
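To make the root cause concrete, here is an added example (not IceWarp's code and not part of the original write-up): a constructed JavaScript model of a login page that reflects the submitted username into the value="..." attribute of the username input, the context the payload above breaks out of, alongside the attribute-context encoding that stops it. The function names and the start-tag check are assumptions made for this illustration.

```javascript
// Added example (not IceWarp's or the author's code): a constructed model of a
// login page that echoes the submitted username into value="..." of the
// username <input>, which is the attribute context the write-up's payload
// breaks out of. Function and variable names here are assumptions.

const PAYLOAD = '"><img src=x onerror=alert(1)>'; // payload from the write-up

// Vulnerable rendering: the raw username is spliced into a double-quoted
// attribute, so the leading "> closes it and the rest becomes a new element.
function renderLoginVulnerable(username) {
  return `<input type="text" name="username" value="${username}">`;
}

// Encode the characters that can change HTML context. Encoding both quote
// styles keeps the value safe whichever quoting the template uses.
function encodeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: identical template, value encoded for attribute context.
function renderLoginSafe(username) {
  return `<input type="text" name="username" value="${encodeHtmlAttr(username)}">`;
}

// Crude structural check used by the demo: count start tags in the markup.
// A reflected username must never add elements beyond the single <input>.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Demo: the same input through both renderers.
for (const render of [renderLoginVulnerable, renderLoginSafe]) {
  const html = render(PAYLOAD);
  console.log(`${render.name}: ${countStartTags(html)} tag(s) -> ${html}`);
}
```

The vulnerable renderer yields two start tags (the input plus the injected img), while the hardened one yields exactly one, with the payload preserved as inert text inside the attribute.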

Author of this CVE:

Muthumohanprasath R

LinkedIn Profile: https://www.linkedin.com/in/muthumohanprasath-r-264737147/

Thanks for Reading!! :)
