2 matches found
CVE-2017-16962
Summary: CVE-2017-16962 affects CommuniGate Pro WebMail Crystal, pronto, and pronto4 components before version 6.2.1. The issue is a stored cross-site scripting (XSS) vulnerability. An attacker can craft calendar invitations or items that trigger scripts when rendered by WebMail, via vectors incl...
CVE-2018-18621
CVE-2018-18621 affects CommuniGate Pro 6.2 via a stored XSS in Pronto! Mail Composer. The vulnerability occurs when the raw email link (in .txt format) is modified and renamed with a .html or .wssp extension, and the malformed message body is mishandled by /MIME/INBOX-MM-1/. Documented impact is ...