Headline
CVE-2023-38347: XSS in Benno MailArchiv Web-App (benno-rest-lib – Sebastian's Blog
An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox.
August 9, 2023 Sebastian
The Benno MailArchiv Web-App is vulnerable to cross-site-scripting if benno-rest-lib / benno-rest prior 2.10.1 is used.
To exploit the vulnerability the attacker sends an email containing malicious javascript to an mailbox which is archived by Benno MailArchiv. When a user logs into the Benno Web-App and views the malicious e-mail, the javascript is executed.
echo ‘<script>alert(1)</script>’ | mail -s "$(echo -e “This is the subject\nContent-Type: text/html”)" [email protected]