CVE-2024-28063: Kiteworks Totemomail through 7.. Allows Reflected XSS via EnvelopeOpenServlet

A newly discovered security vulnerability known as CVE-2024-28063 has been found to affect Kiteworks Totemomail up to and including version 7... This vulnerability allows for a cross-site scripting (XSS) attack, which is a major security risk as it can enable an attacker to run malicious scripts on a victim's browser. In this article, we will delve deep into the details of CVE-2024-28063, including the affected code snippet, links to original references, and exploit details.

Description

The CVE-2024-28063 vulnerability exists in Kiteworks Totemomail, allowing a reflected XSS attack through the path /responsiveUI/EnvelopeOpenServlet. This security risk enables an attacker to inject malicious scripts that could compromise user data, manipulate web content, and potentially even facilitate further attacks.

The issue is caused by the envelopeRecipient parameter not being properly sanitized, which allows an attacker to inject JavaScript code into the user's browser. Once this malicious code is executed, it can potentially lead to the attacker gaining unauthorized access to sensitive data, hijacking user sessions, or redirecting the victim to malicious websites.

Code Snippet

In the vulnerable servlet, the code fails to properly sanitize user input stored in the envelopeRecipient parameter. The following snippet demonstrates how an attacker could exploit this:

https://vulnerable_host/responsiveUI/EnvelopeOpenServlet?envelopeRecipient=<script>alert(document.cookie)</script>;

In this example, the JavaScript code <script>alert(document.cookie)</script> is injected as part of the request, returning a vulnerable response that displays an alert with the victim's cookie information.

Exploitation Details

To exploit this vulnerability, an attacker would only need to craft a malicious URL containing JavaScript code that would execute when a victim clicks or visits the URL. Here's how an attacker could craft a malicious URL to exploit this vulnerability and steal the user's session information:

1. Choose a malicious JavaScript payload. In this example, we will use a simple payload to display an alert with the user's session cookie:

<script>alert(document.cookie)</script>

Craft a malicious URL containing the payload

https://vulnerable_host/responsiveUI/EnvelopeOpenServlet?envelopeRecipient=<script>alert(document.cookie)</script>;

Share the malicious URL with the victim via phishing emails, social media, or other attack vectors.

4. The victim clicks on the malicious URL, and the crafted JavaScript payload is executed on their browser, potentially resulting in sensitive data disclosure, session hijacking, or further attacks.

Links to Original References

- NVD (National Vulnerability Database): https://nvd.nist.gov/vuln/detail/CVE-2024-28063
- CVE Details: https://www.cvedetails.com/cve/CVE-2024-28063/
- Mitre CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28063

Conclusion

CVE-2024-28063 is a significant security risk for users of Kiteworks Totemomail through version 7... This vulnerability enables an attacker to exploit a reflected XSS and execute malicious JavaScript on the victim's browser. Organizations using the affected software must take action to ensure user security and prevent unauthorized access to sensitive data. Updating to the latest software version and applying appropriate security configurations are crucial in mitigating the risk of exploitation.

Timeline

Published on: 05/18/2024 22:15:07 UTC
Last modified on: 07/03/2024 01:51:26 UTC