| VID | 22446 |
| Severity | 30 |
| Port | 8100 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
The CommuniGate Pro server, according to its banner, has a cross-site scripting vulnerability in the Web mail server. CommuniGate Pro is a communication server supporting a large number of protocols. It includes a web mail system. The web mail system in CommuniGate Pro versions 5.1.8 and earlier is affected by a cross-site scripting flaw caused by improper validation of user-supplied input by the Web mail client. A remote attacker could exploit this vulnerability using a specially crafted style tag to inject arbitrary HTML and script code into a user's browser, where it is evaluated within the security context of the affected web site.
* Note: If this check solely relied on the banner of the remote HTTP server to assess this vulnerability, then this might be a false positive.
* References:
  * http://www.communigate.com/CommuniGatePro/History51.html
  * http://www.scanit.be/advisory-2007-05-12.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0186.html
  * http://securitytracker.com/alerts/2007/May/1018048.html
  * http://www.frsirt.com/english/advisories/2007/1795
  * http://secunia.com/advisories/25250
* Platforms Affected: Stalker Software Inc., CommuniGate Pro versions 5.1.8 and earlier; any operating system, any version |
| Recommendation | Upgrade to the latest version of CommuniGate (5.1.9 or later), available from the CommuniGate Web site at http://www.stalker.com/content/default.html |
| Related URL | CVE-2007-2718 (CVE) |
| Related URL | 23950 (SecurityFocus) |
| Related URL | 34266 (ISS) |