CVE-2023-40355 PoC — Axigen 跨站脚本漏洞

Source

Associated Vulnerability

Description

CVE-2023-40355 checker

Readme

# 🚨 CVE-2023-40355 Checker

Welcome to the **CVE-2023-40355 Checker**! This Python script is designed to test for the CVE-2023-40355 vulnerability in web applications.

## 📋 Description

Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.

## 📋 Features

- **Domain Testing**: Check multiple domains listed in a `domain.txt` file for the presence of the `alert(document.cookie)` vulnerability. 
- **Colorful Output**: Uses the `colorama` library to provide colored output for better visibility. 

## ⚙️ Requirements

- Python 3.x
- `requests` library (install via `pip install requests`)
- `colorama` library (install via `pip install colorama`)

## 📥 Installation

1. Clone the repository:
   ```bash
   git clone https://github.com/ace-83/cve-2023-40355.git
   cd cve-2023-40355
for more information about this cve you can read :
  - https://medium.com/@amir_h_fallahi/axigen-webmail-0-day-stealing-user-emails-through-xss-728de6782e85
  - https://nvd.nist.gov/vuln/detail/CVE-2023-40355

File Snapshot

 [4.0K]  /data/pocs/71ad5887297772894c8b297492154aa16b8945e2
├── [1.0K]  CVE-2023-40355.py
└── [1.2K]  README.md

0 directories, 2 files

Remarks