""ET WEB_SPECIFIC_APPS Roundcube Webmail XSS Attempt (CVE-2023-5631)""

SID: 2049139

Revision: 1

Class Type: attempted-user

Metadata: affected_product Roundcube, attack_target Client_Endpoint, created_at 2023_11_08, cve CVE_2023_5631, deployment Perimeter, deployment SSLDecrypt, signature_severity Major, tag XSS, updated_at 2023_11_08

Reference:

  • cve

  • 2023-5631

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

  • Value: "200"

  • Value: ""

  • Value: "<use href=|22|data:image/"

  • Value: "|3b|base64"

  • Value: ""

Within:

PCRE: "/<use href=|22|data:image\/s[ \t\n]{1,}vg+xml|2b|base64,/Ri"

Special Options:

  • http_stat_code

  • file_data

source