Thread-topic: CommuniGate Pro web mail persistent cross-site scripting vulnerability
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Alla Bezroutchko
> Sent: Sunday, May 13, 2007 1:00 AM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] CommuniGate Pro web mail persistent cross-site scripting vulnerability
>
> 1) Summary
>
> Affected software: Stalker CommuniGate Pro version 5.1.8 and below
> Vendor URL: www.stalker.com
> Severity: Medium
>
> 2) Vulnerability Description
>
> CommuniGate Pro is a communication server supporting a large number of
> protocols. It includes a web mail system. The web mail system suffers
> from a persistent cross-site scripting vulnerability. The web mail
> application fails to sanitize incoming HTML emails properly. An attacker
> can send a specially crafted email message to a user of CommuniGate Pro.
> When the user views the attacker's message using the web mail client and
> Internet Explorer, the JavaScript embedded into the attacker's message gets
> executed. The attacker can use JavaScript code to perform any actions
> in the web mail on behalf of the user, for example change settings,
> steal messages, etc.
>
> 3) Verification
>
> Send an HTML email message containing the following code and view it
> with Internet Explorer using the CommuniGate Pro web mail client:
>
> <STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>
>
> 4) Solution
>
> Upgrade to CommuniGate Pro version 5.1.9.
>
> 5) Time Table
>
> 2005/11/18 Vendor was informed
> 2005/11/19 Vendor replied saying that they will investigate the report
> 2007/04/30 Vendor was notified again
> 2007/05/12 Vendor releases fixed version
> 2007/05/12 Scanit publishes advisory
>
> 6) Additional Information
>
> * The original advisory can be found here:
> http://www.scanit.be/advisory-2007-05-12.html
> * An automatic tool for checking for cross-site scripting problems
> in web mail systems can be downloaded here:
> http://www.scanit.be/excess.html
> * Special thanks to RSnake for his XSS cheatsheet
> (http://ha.ckers.org/xss.html)
>
>
> 7) About Scanit
>
> Scanit is a security company located in Brussels, Belgium. We specialise
> in security assessments, offering services such as penetration tests,
> application source code reviews, and risk assessments. More information
> can be found at http://www.scanit.be/
>
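The verification string in the quoted advisory hides `@import` and `javascript:` behind CSS backslash escapes, so a filter that matches those keywords literally sees nothing. The following is an added example, not code from the advisory, Scanit, or CommuniGate Pro, and not a description of how the product's filter works: it decodes CSS escapes before matching. The names `normalize_css`, `StyleCollector`, `scan` and the pattern list are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# CSS escapes: backslash + 1-6 hex digits (plus one optional whitespace), or backslash + any char.
CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\r\n\f]?|(.))", re.S)
CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Constructs a mail sanitizer would normally refuse in message CSS (assumed policy).
DANGEROUS = re.compile(r"@import|expression\s*\(|(?:java|vb)script\s*:", re.I)

def normalize_css(css):
    """Decode backslash escapes, then drop comments and control characters."""
    def decode(m):
        if m.group(1):
            cp = int(m.group(1), 16)
            return chr(cp) if 0 < cp <= 0x10FFFF else "\ufffd"
        return m.group(2)
    css = CSS_ESCAPE.sub(decode, CSS_COMMENT.sub("", css))
    return "".join(ch for ch in css if ch >= " ")

class StyleCollector(HTMLParser):
    """Collects the text of <style> elements and style="" attributes."""
    def __init__(self):
        super().__init__()
        self.in_style, self.css = False, []
    def handle_starttag(self, tag, attrs):
        self.in_style = self.in_style or tag == "style"
        self.css += [v for k, v in attrs if k == "style" and v]
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)

def scan(html):
    """Return (raw_hits, normalized_hits): literal matches vs. matches after decoding."""
    collector = StyleCollector()
    collector.feed(html)
    collector.close()
    raw, normalized = [], []
    for css in collector.css:
        raw += [h.lower() for h in DANGEROUS.findall(css)]
        normalized += [h.lower() for h in DANGEROUS.findall(normalize_css(css))]
    return raw, normalized

# Sample input: the verification string from the advisory, plus a constructed benign message.
ADVISORY = r'''<STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>'''
BENIGN = '<p style="color: red">hi</p><style>p { margin: 0 }</style>'
```

A production sanitizer should go further than flagging and either strip `<style>` content entirely or rebuild it from an allowlist of properties and values.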