SECURITYVULNS:DOC:17012
May 14, 2007

[Full-disclosure] CommuniGate Pro web mail persistent cross-site scripting vulnerability


1) Summary

Affected software: Stalker CommuniGate Pro version 5.1.8 and below
Vendor URL: www.stalker.com
Severity: Medium

2) Vulnerability Description

CommuniGate Pro is a communication server supporting a large number of
protocols. It includes a web mail system. The web mail system suffers
from a persistent cross-site scripting vulnerability: the web mail
application fails to sanitize incoming HTML emails properly. An attacker
can send a specially crafted email message to a user of CommuniGate Pro.
When the user views the attacker's message using the web mail client and
Internet Explorer, the JavaScript embedded in the attacker's message is
executed. The attacker can use JavaScript code to perform any action
in the web mail on behalf of the user, for example changing settings or
stealing messages.

3) Verification

Send an HTML email message containing the following code and view it
with Internet Explorer using the CommuniGate Pro web mail client:

<STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>
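
The verification string hides `@import` and `javascript:` behind CSS backslash escapes, so a filter that matches keywords on the raw markup never sees them. The Python sketch below is an added example, not code from the advisory or from CommuniGate Pro: it decodes CSS escapes and comments before matching, and its function names and keyword list are assumptions chosen for illustration.

```python
import re

# CSS escapes: backslash + 1-6 hex digits (+ one optional whitespace), or backslash + any char.
_ESCAPE = re.compile(r'\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?|\\(.)', re.DOTALL)
_COMMENT = re.compile(r'/\*.*?\*/', re.DOTALL)
_STYLE = re.compile(r'<style\b[^>]*>(.*?)</style\s*>', re.IGNORECASE | re.DOTALL)
# Assumed keyword list: CSS constructs that can load or run active content in legacy browsers.
_DANGEROUS = re.compile(r'@import|javascript:|vbscript:|expression\(|behavior:|-moz-binding',
                        re.IGNORECASE)

# The advisory's verification string, on one line; the benign sample is constructed.
ADVISORY_SAMPLE = r"""<STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>"""
BENIGN_SAMPLE = '<style>p { color: #333; }</style><p>hello</p>'

def _decode(match):
    if match.group(1):                       # hex escape, e.g. \69 -> "i"
        cp = int(match.group(1), 16)
        return chr(cp) if 0 < cp <= 0x10FFFF else '\ufffd'
    return match.group(2)                    # identity escape, e.g. \p -> "p"

def normalize_css(css):
    """Strip NUL bytes and comments, decode escapes, then drop all whitespace."""
    css = _COMMENT.sub('', css.replace('\x00', ''))
    return re.sub(r'\s+', '', _ESCAPE.sub(_decode, css))

def naive_is_dangerous(html):
    """Keyword match on the raw markup, with no normalization."""
    return bool(_DANGEROUS.search(html))

def find_dangerous_css(html):
    """Return the dangerous constructs found in <style> blocks after normalization."""
    hits = []
    for css in _STYLE.findall(html):
        hits += [h.lower() for h in _DANGEROUS.findall(normalize_css(css))]
    return hits

def sanitize(html):
    """Remove every <style> block whose normalized content contains a dangerous construct."""
    def _keep_or_drop(m):
        return '' if _DANGEROUS.search(normalize_css(m.group(1))) else m.group(0)
    return _STYLE.sub(_keep_or_drop, html)

if __name__ == '__main__':
    print('raw keyword match:', naive_is_dangerous(ADVISORY_SAMPLE))
    print('after normalization:', find_dangerous_css(ADVISORY_SAMPLE))
    print('sanitized:', repr(sanitize(ADVISORY_SAMPLE)))
```

The regular expression only sees well-formed `<style>...</style>` pairs; a stricter policy for a web mail client is to drop every style element from incoming mail.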

4) Solution

Upgrade to CommuniGate Pro version 5.1.9.

5) Time Table

2005/11/18 Vendor was informed
2005/11/19 Vendor replied saying that they will investigate the report
2007/04/30 Vendor was notified again
2007/05/12 Vendor releases fixed version
2007/05/12 Scanit publishes advisory

6) Additional Information

* The original advisory can be found here:
http://www.scanit.be/advisory-2007-05-12.html
* An automatic tool for checking for cross-site scripting problems
in web mail systems can be downloaded here: http://www.scanit.be/excess.html
* Special thanks to RSnake for his XSS cheatsheet
(http://ha.ckers.org/xss.html)

7) About Scanit

Scanit is a security company located in Brussels, Belgium. We specialise
in security assessments, offering services such as penetration tests,
application source code reviews, and risk assessments. More information
can be found at http://www.scanit.be/

