CommuniGate Pro WebMail < 5.2.15 XSS

medium Nessus Plugin ID 40418

Synopsis

The remote web server is affected by a cross-site scripting vulnerability.

Description

According to its banner, the remote web server is running a version of CommuniGate Pro older than 5.2.15. The webmail component of such versions fails to correctly parse plaintext email messages containing malicious URL links before displaying the message to the user. By sending a specially crafted email message to the victim's email address, an attacker may be able to leverage this issue to execute arbitrary JavaScript code within the user's browser session every time the email message is read.

Solution

Upgrade to CommuniGate Pro 5.2.15 or later.

See Also

http://www.nessus.org/u?3ba42c1d

https://seclists.org/bugtraq/2009/Jul/173

http://www.communigate.com/cgatepro/History52.html

Plugin Details

Severity: Medium

ID: 40418

File Name: communigatepro_5_2_15.nasl

Version: 1.14

Type: remote

Published: 7/29/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:communigate:communigate_pro_core_server

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/15/2009

Vulnerability Publication Date: 7/23/2009

Reference Information

BID: 35783

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

Secunia: 35969