Sebastian's Blog

software developer. security enthusiast.


XSS in Benno MailArchiv Web-App (benno-rest-lib < 2.10.1 / benno-rest < 2.10.1) (CVE-2023-38347)


The Benno MailArchiv Web-App is vulnerable to cross-site scripting (XSS) if a version of benno-rest-lib / benno-rest prior to 2.10.1 is used.

To exploit the vulnerability, the attacker sends an email containing malicious JavaScript to a mailbox that is archived by Benno MailArchiv. When a user logs into the Benno Web-App and views the malicious e-mail, the JavaScript is executed.

echo '<script>alert(1)</script>' | mail -s "$(echo -e "This is the subject\nContent-Type: text/html")" victim@domain.tld
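A defender-side check for archived mail, added here as an example (it is not code from Benno MailArchiv or from the original post): it parses a raw message, flags `text/html` parts that carry script-capable markup, and produces the HTML-encoded form that a browser displays as text. The sample messages, the regular expression and the function names are assumptions made for illustration.

```python
import html
import re
from email import message_from_string, policy

# Constructed sample: the message shape the command above produces
# (a text/html part whose body is a script element).
SAMPLE_HTML = (
    "From: sender@domain.tld\n"
    "To: victim@domain.tld\n"
    "Subject: This is the subject\n"
    "Content-Type: text/html\n"
    "\n"
    "<script>alert(1)</script>\n"
)

# Constructed sample: same body, but no Content-Type header, so the
# part defaults to text/plain and is not an HTML part.
SAMPLE_PLAIN = "Subject: This is the subject\n\n<script>alert(1)</script>\n"

# Heuristic for triage only, not a sanitizer: markup that can run
# script when a browser parses the part as HTML.
ACTIVE = re.compile(r"<\s*script\b|\bon\w+\s*=|javascript\s*:", re.I)


def html_parts(raw):
    """Yield the decoded text of every text/html part in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():  # walk() also descends into multipart messages
        if part.get_content_type() == "text/html":
            yield part.get_content()


def has_active_content(raw):
    """True if any text/html part carries script-capable markup."""
    return any(ACTIVE.search(body) for body in html_parts(raw))


def render_inert(raw):
    """HTML-encode each text/html part so it is displayed, not executed."""
    return [html.escape(body) for body in html_parts(raw)]


if __name__ == "__main__":
    print(has_active_content(SAMPLE_HTML), render_inert(SAMPLE_HTML))
    print(has_active_content(SAMPLE_PLAIN), render_inert(SAMPLE_PLAIN))
```
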
