Description The Communigate Pro webmail framework is prone to a stored Cross Site Scripting vulnerability through crafted plain text email messages.
Affected version: 5.2.14 and prior as reported from Communigate: http://www.communigate.com/cgatepro/History52.html
Example of crafted URL http://www.example.com/&z="><script>alert(document.cookie)</script>&f=
Patch Install Communigate Pro 5.2.13 5.2.15 15-Jul-2009: * Bug Fix: WebUser: 5.1.2: links in plain text messages could be processed incorrectly.
-- Andrea Purificato http://rawlab.mindcreations.com