AOH :: HP Unsorted S :: BT-21339.HTM

Stored XSS on Communigate Pro 5.2.14 and prior versions



Stored XSS on Communigate Pro 5.2.14 and prior versions
Stored XSS on Communigate Pro 5.2.14 and prior versions



- Description
The Communigate Pro webmail framework is prone to a stored Cross Site
Scripting vulnerability through crafted plain text email messages.

- Affected version:
5.2.14 and prior as reported from Communigate:
http://www.communigate.com/cgatepro/History52.html 

- Details
This vulnerability can be exploited if an attacker sends a plain text
message to the victim address containing a malicious crafted URL;
the internal parser fails to parse the malicious URL and executes
Javascript code every time user reads the message.
An attacker may be able to use this vulnerability to steal sensitive
information from a user's computer (e.g. current SessionID) or force
the user's computer to execute stealed operations.

- Example of crafted URL
&f">http://www.example.com/&z=">&f 
- Patch
Install Communigate Pro 5.2.13
5.2.15 15-Jul-2009: * Bug Fix: WebUser: 5.1.2: links in plain text
messages could be processed incorrectly.

- Communigate
http://www.communigate.com/cgatepro/ 

-- 
Andrea Purificato
http://rawlab.mindcreations.com 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.