CVE-2013-6037
Description
Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A reflected XSS vulnerability in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary script via the msg_id parameter.
Vulnerability
A reflected cross-site scripting (XSS) vulnerability exists in index.php of Aker Secure Mail Gateway version 2.5.2 and earlier. The msg_id parameter is not properly sanitized before being reflected back to the user, allowing injection of arbitrary HTML and JavaScript. This occurs because the input is directly embedded in the page output without encoding or validation. No authentication or special configuration is required to reach the vulnerable code path; any visitor to the web interface can trigger it via a crafted URL [1].
Exploitation
An attacker can exploit this vulnerability by crafting a URL containing malicious script in the msg_id parameter. The attacker must convince a victim to click the crafted link (e.g., via phishing or social engineering) while the victim is accessing the Aker Secure Mail Gateway web interface. No prior authentication is needed; the attack is reflected and requires user interaction. The exploit works across modern browsers, as the injected script executes in the context of the vulnerable website [1].
Impact
Successful exploitation allows the attacker to execute arbitrary script in the victim’s browser session within the security context of the Aker Secure Mail Gateway domain. This can lead to information disclosure (e.g., session tokens, sensitive data), defacement, or phishing attacks. The CVSS base score is 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N), reflecting partial confidentiality impact with medium access complexity [1].
Mitigation
The vendor released a hotfix to address this vulnerability. Users should upgrade to the latest version immediately. As a workaround, restrict access to the web interface to trusted hosts and networks only. However, restricting access does not prevent XSS attacks that rely on a legitimate user’s session; it only limits network exposure. The vulnerability is not listed in CISA’s KEV as of publication date [1].
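The Vulnerability and Mitigation sections above describe the defect class generically: a request parameter concatenated into the HTML response without encoding, and the two controls that close it (output encoding, allow-list validation). The following Python block is an added illustration written for this page; it is not Aker's code (the affected component is PHP, and its source is not available here), and the identifier format, hostname and function names are assumptions chosen for the example.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed identifier shape; the advisory does not state the real msg_id format.
MSG_ID_PATTERN = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def get_msg_id(url: str) -> str:
    """Pull the msg_id query parameter out of a request URL (empty string if absent)."""
    query = parse_qs(urlsplit(url).query)
    return query.get("msg_id", [""])[0]


def render_vulnerable(msg_id: str) -> str:
    """The defect class the advisory describes: the parameter is placed into the
    HTML response with no encoding, so any markup in it is reflected verbatim."""
    return f"<p>Message ID: {msg_id}</p>"


def render_hardened(msg_id: str) -> str:
    """Output encoding for an HTML text context. quote=True also encodes ' and ",
    so the same helper stays safe if the value is later used inside an attribute."""
    return f"<p>Message ID: {html.escape(msg_id, quote=True)}</p>"


def render_validated(msg_id: str) -> str:
    """Defence in depth: reject values that do not match the expected identifier
    shape before they reach the template, and encode the value regardless."""
    if not MSG_ID_PATTERN.fullmatch(msg_id):
        return "<p>Invalid message identifier.</p>"
    return render_hardened(msg_id)


if __name__ == "__main__":
    # Constructed request: a tag-shaped value where a plain identifier is expected.
    url = "https://gateway.example.invalid/index.php?msg_id=<i>constructed</i>"
    value = get_msg_id(url)
    print("vulnerable:", render_vulnerable(value))
    print("hardened:  ", render_hardened(value))
    print("validated: ", render_validated(value))
```

The hardened variant is the fix the advisory implies (encode on output); the validated variant shows why allow-listing belongs in addition to, not instead of, encoding: it shrinks the input space, but the encoding is what makes the remaining values safe in the HTML context.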
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=2.5.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.kb.cert.org/vuls/id/687278 (NVD; Patch; US Government Resource)
- www.securityfocus.com/bid/66024 (NVD)
News mentions
No linked articles in our index yet.