Reflected XSS in Kaspersky Security for Linux Mail Server

We are sharing details of a recent pentest in which we uncovered a high-severity issue in a Kaspersky product: CVE-2024-1619, a reflected cross-site scripting (XSS) vulnerability in Kaspersky Security for Linux Mail Server, which Kaspersky has since fixed.


Reflected XSS lets an attacker who can get a victim to open a crafted link run script inside the victim's authenticated session. That script can read or act on user data, hijack the session, present convincing phishing content and serve as a delivery vehicle for malware, undermining both user trust and application security.

During a recent unauthenticated pentest we found a reflected XSS vulnerability in Kaspersky Security for Linux Mail Server v8: the value of the action GET parameter was reflected into the HTML response without any input validation or output encoding, so a crafted link could execute attacker-supplied script in the browser of an administrator who opened it. We contacted Kaspersky to disclose the issue responsibly.


Resolution

Mitigating reflected XSS means treating every value taken from the request as data, not markup: the value must be encoded for the context it is inserted into (HTML text, an attribute, a URL, a JavaScript string) at the point where the response is built, so that characters such as <, >, " and & are rendered literally rather than parsed as HTML or JavaScript. Encoding on output is the primary control; validating a parameter against an allowlist of the values the page actually handles is a useful second one, because a rejected value never reaches the page at all. Content Security Policy (CSP) adds a further layer by restricting the origins from which scripts may load and, when no 'unsafe-inline', nonce or hash is granted, blocking inline script altogether, which is what a reflected payload usually relies on. Regular security assessments, including penetration testing and code review, remain essential for finding the places where one of these controls is missing.
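The following is an added illustration, not Kaspersky's code, of the bug class described above and of the fix this section recommends: a minimal handler that reflects the action GET parameter verbatim, beside a hardened handler that allowlists the value, encodes it separately for the HTML text and URL contexts, and sends a CSP header. The /console path, the page layout, the set of allowed actions and the probe value are all assumptions made for the example.

```python
"""
Added example: vulnerable vs. hardened reflection of a GET `action` parameter.
Not the product's code. The endpoint path, page layout, ALLOWED_ACTIONS and
the PROBE payload are assumptions constructed for this illustration.
"""
import html
from urllib.parse import parse_qs, quote, urlsplit

# Assumed: the only values this page actually handles.
ALLOWED_ACTIONS = {"list", "view", "edit"}

# Scripts may load only from the page's own origin; inline <script> is blocked
# because no 'unsafe-inline', nonce or hash is granted.
CSP = ("default-src 'self'; script-src 'self'; object-src 'none'; "
       "base-uri 'self'; frame-ancestors 'none'")

# Constructed probe: closes an attribute or tag and injects a script element.
PROBE = '"><script>alert(document.domain)</script>'


def build_url(action: str) -> str:
    """Percent-encode the value into a query string, as a browser would send it."""
    return "/console?action=" + quote(action, safe="")


def _action_from_url(url: str) -> str:
    """Extract the decoded `action` parameter (empty string if absent)."""
    return parse_qs(urlsplit(url).query).get("action", [""])[0]


def vulnerable_handler(url: str) -> tuple[int, dict, str]:
    """Reflects `action` unencoded into HTML text and an href attribute."""
    action = _action_from_url(url)
    body = (f"<h1>Action: {action}</h1>\n"
            f'<a href="/console?action={action}">Repeat</a>\n')
    return 200, {"Content-Type": "text/html; charset=utf-8"}, body


def hardened_handler(url: str, allowlist=ALLOWED_ACTIONS) -> tuple[int, dict, str]:
    """Allowlist the value, encode per output context, and send a CSP.

    Pass allowlist=None to see the effect of output encoding on its own.
    """
    headers = {"Content-Type": "text/html; charset=utf-8",
               "Content-Security-Policy": CSP}
    action = _action_from_url(url)
    if allowlist is not None and action not in allowlist:
        # Reject without echoing the offending value back into the page.
        return 400, headers, "<h1>Bad request</h1>\n"
    # HTML text context: encode < > & " ' so the browser treats them as data.
    as_text = html.escape(action, quote=True)
    # URL context inside an attribute: percent-encode first, then the result
    # contains no HTML-special characters and cannot break out of the quotes.
    as_url_param = html.escape(quote(action, safe=""), quote=True)
    body = (f"<h1>Action: {as_text}</h1>\n"
            f'<a href="/console?action={as_url_param}">Repeat</a>\n')
    return 200, headers, body


def reflects_unencoded(body: str, probe: str = PROBE) -> bool:
    """Pentest check: does the raw probe survive into the response body?"""
    return probe in body


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler),
                          ("hardened", hardened_handler)):
        status, _, body = handler(build_url(PROBE))
        print(f"{name}: status={status} reflected={reflects_unencoded(body)}")
```

Run the file to compare both handlers against the probe; in a real assessment the same check is done by requesting the page with the probe in the parameter and searching the response for it unmodified. Note that the allowlist alone would already stop the probe here, but encoding is kept regardless, because it is the control that still holds when a future change lets a free-form value through.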

Kaspersky has patched this vulnerability in Kaspersky Security for Linux Mail Server v8; v10 of the product (available only in Russia) is not affected.

For administrators unable to update immediately, Kaspersky recommends a precautionary approach: use two separate browsers, one for managing the application and another for accessing third-party websites. Because a reflected XSS attack needs an authenticated administrator to open a crafted link, this reduces the chance that such a link, encountered while browsing or reading mail, is opened in a browser that holds a live console session.

However, for a comprehensive solution, updating to the latest version is strongly recommended.

A Thank You to Kaspersky 

We extend our heartfelt gratitude to the Kaspersky team for their cooperation and prompt response throughout this collaboration. Their commitment to security aligns with our values, and together, we reinforce the foundations of a secure online environment.

Reference 

https://support.kaspersky.com/vulnerability/list-of-advisories/12430#010224
