CommuniGate XSS
- Published: 27 Feb 2007
The CommuniGate Pro application provides a web-based interface that lets users retrieve email using a web browser. However, email content is not sufficiently sanitised, which can result in the execution of arbitrary scripts. On accessing the web interface, the user is assigned a session ID. By sending a specially crafted email, an attacker would be able to trick the user into transmitting their session ID to the attacker.
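The missing control is sanitisation of the HTML message body before the webmail page renders it. The following is an added example, not CommuniGate Pro code and not part of the original advisory: an allowlist sanitiser built on Python's standard `html.parser`. The allowlist contents, the names `MailSanitizer` and `sanitize`, and the sample message are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser

# Allowlist assumed for this example: tag -> attributes that may be kept.
ALLOWED = {t: set() for t in ("p", "br", "b", "i", "em", "strong", "ul", "li")}
ALLOWED["a"] = {"href"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}
SAFE_SCHEMES = {"http", "https", "mailto"}
# Constructed message body, not taken from the advisory.
SAMPLE = ('<p>Hello <b>Bob</b></p><script>x()</script>'
          '<img src="cid:1" onerror="x()">'
          '<a href="javascript:x()" onclick="x()">link</a> '
          '<a href="https://example.test/doc">ok</a>')


class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED:
            kept = ""
            for name, value in attrs:  # values arrive entity-decoded
                if name not in ALLOWED[tag] or value is None:
                    continue  # drops on* handlers, style, src, ...
                # href only: strip characters browsers ignore, check scheme.
                url = "".join(c for c in value if c > " ")
                if url.partition(":")[0].lower() in SAFE_SCHEMES:
                    kept += f' {name}="{escape(url, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))  # text is re-escaped, never raw


def sanitize(html_body):
    parser = MailSanitizer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out)
```

The sanitiser fails closed: an element that is opened but never closed inside `DROP_WITH_CONTENT` suppresses the rest of the message rather than letting it through.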