CVE-2022-37244: IFRAME Injection at ‘currentRequest’ Parameter
On June 05, the security team of Green Tick Nepal Pvt. Ltd. located in Kathmandu, Nepal discovered that MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter, after login leads to inject malicious tag leads to IFRAME injection.
Proof of Concept
The Security Team of Green Tick Nepal Pvt. Ltd. published a Proof of Concept (POC) for MDaemon Technologies. The vulnerability was found in MDaemon SecurityGateway for Email Servers 8.5.2. It consists of one or more iFrame tags that have been inserted into a page or post’s content and typically downloads an executable program or conducts other actions that compromise the site visitors’ computers. It can allow an attacker to modify the page. To steal another person's identity.
- Sanitize all the user-supplied inputs before executing them. Your application code should never blindly output the result of input data received without validation.
- URL encoding must be done before inserting untrusted data into HTML URL parameter values.
- Encode CSS scripts and strict validation before inserting untrusted data into HTML style property values must be done.
|CVE-2022-37244||MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter after login leads to inject malicious tag leads to IFRAME injection.||MDaemon Technologies SecurityGateway for Email Servers 8.5.2|
2022-06-05: Vulnerability found.
2022-06-06: Vendor contacted.
2022-07-06: Vendor acknowledged and asked for one month time for public disclosure.
2022-07-26: Vendor released Security Notes.
2022-07-27: Requested for CVE.
2022-08-26: CVE Published.