CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability Network Vulnerability

Summary

CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user other attacks are also possible. Versions prior to CommuniGate Pro 5.2.15 are vulnerable.

Solution

The vendor released an update to address this issue please see the references for more information.

References

http://www.communigate.com/cgatepro/History52.html
http://www.securityfocus.com/archive/1/505211
http://www.securityfocus.com/bid/35783
http://www.stalker.com/CommuniGatePro/default.html

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
Apache Tomcat Hash Collision Denial Of Service Vulnerability
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
Check for bdir.htr files
Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability

Take action and discover your vulnerabilities