Stored XSS on Communigate Pro 5.2.14 and prior versions

2009-07-24T00:00:00
ID SECURITYVULNS:DOC:22211
Type securityvulns
Reporter Securityvulns
Modified 2009-07-24T00:00:00

Description

  • Description The Communigate Pro webmail framework is prone to a stored Cross Site Scripting vulnerability through crafted plain text email messages.

  • Affected version: 5.2.14 and prior as reported from Communigate: http://www.communigate.com/cgatepro/History52.html

  • Details This vulnerability can be exploited if an attacker sends a plain text message to the victim address containing a malicious crafted URL; the internal parser fails to parse the malicious URL and executes Javascript code every time user reads the message. An attacker may be able to use this vulnerability to steal sensitive information from a user's computer (e.g. current SessionID) or force the user's computer to execute stealed operations.

  • Example of crafted URL http://www.example.com/&z="><script>alert(document.cookie)</script>&f=

  • Patch Install Communigate Pro 5.2.13 5.2.15 15-Jul-2009: * Bug Fix: WebUser: 5.1.2: links in plain text messages could be processed incorrectly.

  • Communigate http://www.communigate.com/cgatepro/

-- Andrea Purificato http://rawlab.mindcreations.com