CVE-2022-31470 PoC — Axigen Mobile WebMail 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-31470.yaml

Associated Vulnerability

Title:Axigen Mobile WebMail 跨站脚本漏洞 (CVE-2022-31470)
Description:Axigen Mobile WebMail是罗马尼亚Axigen公司的一种移动网络邮件服务。 Axigen Mobile WebMail 10.2.3.12 之前版本和 10.3.3.47 之前版本存在安全漏洞，该漏洞源于 index_mobile_changepass.hsp 的重置密码部分存在跨站脚本问题。

Description

Axigen WebMail versions 10.5.0-4370c946 and older are vulnerable to reflected XSS via the m parameter in the /index.hsp endpoint.

File Snapshot


 id: CVE-2022-31470

info:
  name: Axigen WebMail - Cross-Site Scripting
  author: AmirZargham
  seve

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!