what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Communigate Pro Cross Site Scripting

Communigate Pro Cross Site Scripting
Posted Jul 23, 2009
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Communigate Pro versions 5.2.14 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4e0228d024901ce8166756271e48ce39e5ac78dcf8b1da33e12d5ccc94c661ee

Communigate Pro Cross Site Scripting

Change Mirror Download
- Description
The Communigate Pro webmail framework is prone to a stored Cross Site
Scripting vulnerability through crafted plain text email messages.

- Affected version:
5.2.14 and prior as reported from Communigate:
https://www.communigate.com/cgatepro/History52.html

- Details
This vulnerability can be exploited if an attacker sends a plain text
message to the victim address containing a malicious crafted URL;
the internal parser fails to parse the malicious URL and executes
Javascript code every time user reads the message.
An attacker may be able to use this vulnerability to steal sensitive
information from a user's computer (e.g. current SessionID) or force
the user's computer to execute stealed operations.

- Example of crafted URL
https://www.example.com/&z="><script>alert(document.cookie)</script>&f=

- Patch
Install Communigate Pro 5.2.13
5.2.15 15-Jul-2009: * Bug Fix: WebUser: 5.1.2: links in plain text
messages could be processed incorrectly.

- Communigate
https://www.communigate.com/cgatepro/

--
Andrea Purificato
https://rawlab.mindcreations.com
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close