CVE-2022-37244: IFRAME Injection at ‘currentRequest’ Parameter

Description

On June 05, the security team of Green Tick Nepal Pvt. Ltd. located in Kathmandu, Nepal discovered that MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter, after login leads to inject malicious tag leads to IFRAME injection.

Proof of Concept

The Security Team of Green Tick Nepal Pvt. Ltd. published a Proof of Concept (POC) for MDaemon Technologies. The vulnerability was found in MDaemon SecurityGateway for Email Servers 8.5.2. It consists of one or more iFrame tags that have been inserted into a page or post’s content and typically downloads an executable program or conducts other actions that compromise the site visitors’ computers. It can allow an attacker to modify the page. To steal another person's identity.

Solution

Sanitize all the user-supplied inputs before executing them. Your application code should never blindly output the result of input data received without validation.
URL encoding must be done before inserting untrusted data into HTML URL parameter values.
JavaScript encoding must be done before inserting untrusted data into JavaScript data values.
Encode CSS scripts and strict validation before inserting untrusted data into HTML style property values must be done.

CVE-ID	Description	Products
CVE-2022-37244	MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter after login leads to inject malicious tag leads to IFRAME injection.	MDaemon Technologies SecurityGateway for Email Servers 8.5.2