SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting

By kannthu

Medium
Vidoc Module
#xss #squirrelmail #plugin #edb
Description

SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting

What is "SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting"?

The "SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the SquirrelMail Virtual Keyboard plugin version 0.9.1 and earlier. This plugin allows users to input text using a virtual keyboard. The severity of this vulnerability is classified as medium.

Impact

A cross-site scripting vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. In the case of the SquirrelMail Virtual Keyboard plugin, this vulnerability could be exploited to execute arbitrary code or steal sensitive information from users.

How does the module work?

The module sends an HTTP GET request to the vulnerable endpoint: /plugins/vkeyboard/vkeyboard.php?passformname=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E. It then applies several matching conditions to determine if the vulnerability is present:

- The response status code must be 200.
- The response body must contain the string </script><script>alert(document.domain)</script>.
- The response header must contain the string text/html.

If all the matching conditions are met, the module reports the vulnerability.
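The three matching conditions above, evaluated offline against constructed responses. This is an added example, not Vidoc's own code; the `render` helper and the sample responses are assumptions made for illustration, and only the probe path and matcher strings come from the module description.

```python
import html
from urllib.parse import unquote

# Probe path as given in the module description above.
PROBE_PATH = ("/plugins/vkeyboard/vkeyboard.php?passformname="
              "%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E")
# Decoded parameter value: the string the body matcher looks for.
MARKER = unquote(PROBE_PATH.split("=", 1)[1])


def matches(status, headers, body):
    """Logical AND of the three matching conditions listed above."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    return status == 200 and MARKER in body and "text/html" in header_blob


def render(value, escape):
    """Hypothetical stand-in for a page that echoes a parameter into its HTML."""
    shown = html.escape(value) if escape else value
    return f"<html><script>var f = '{shown}';</script></html>"


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "raw reflection": (200, {"Content-Type": "text/html; charset=utf-8"},
                       render(MARKER, escape=False)),
    "escaped reflection": (200, {"Content-Type": "text/html"},
                           render(MARKER, escape=True)),
    "plugin absent": (404, {"Content-Type": "text/html"}, "<h1>Not Found</h1>"),
    "non-HTML echo": (200, {"Content-Type": "application/json"},
                      '{"q": "%s"}' % MARKER),
}


def evaluate():
    """Return {sample name: True if the module would report it}."""
    return {name: matches(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:20s} -> {'REPORT' if hit else 'no match'}")
```

Only the unencoded reflection in an HTML response is reported. The matchers confirm reflection of the marker and do not check the plugin version, so a report should be followed by confirming the installed version is 0.9.1 or earlier.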

Author: dhiyaneshDk

CWE-ID: CWE-80

CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS-Score: 5.4

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /plugins/vkeyboard/v...
Matching conditions
status: 200 and
word: </script><script>alert(document.domain)<... and
word: text/html
Passive global matcher
No matching conditions.
On match action
Report vulnerability