CommuniGate Pro web mail persistent cross-site scripting vulnerability
Author
Alla Bezroutchko
Summary
Affected software: Stalker CommuniGate Pro version 5.1.8 and below
Vendor URL: www.stalker.com
Severity: Medium
Vulnerability Description
CommuniGate Pro is a communication server supporting a large number of protocols. It includes a web mail system. The web mail system suffers from a persistent cross-site scripting vulnerability: the web mail application fails to properly sanitize incoming HTML emails. An attacker can send a specially crafted email message to a user of CommuniGate Pro. When the user views the attacker's message using the web mail client and Internet Explorer, the JavaScript embedded in the attacker's message is executed. The attacker can use JavaScript code to perform any action in the web mail on behalf of the user, for example changing settings or stealing messages.
Verification
Send an HTML email message containing the following code and view it with Internet Explorer using the CommuniGate Pro web mail client:
<STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>
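Added example, not part of the original advisory and not the vendor's code: a defender-side check showing why a filter that matches the literal strings @import or javascript: misses the payload above, and how decoding CSS backslash escapes inside STYLE blocks before matching catches it. The function names and the idea that the filter is string-based are assumptions made for illustration; the advisory does not describe how the vendor's filter works.

```python
import re

# Payload copied verbatim from the advisory's Verification section.
ADVISORY_SAMPLE = r'''<STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>'''

STYLE_BLOCK = re.compile(r"<style\b[^>]*>(.*?)</style\s*>", re.I | re.S)
# A CSS escape is a backslash followed by 1-6 hex digits (plus one optional
# whitespace), by a newline (line continuation), or by any other character.
CSS_ESCAPE = re.compile(
    r"\\(?:([0-9a-fA-F]{1,6})(?:\r\n|[ \t\r\n\f])?|(\r\n|[\n\r\f])|(.))", re.S)
RISKY_TOKENS = ("@import", "javascript:")  # the two constructs in the payload


def css_unescape(css: str) -> str:
    """Decode CSS backslash escapes so that matching sees what a parser sees."""
    def decode(match: re.Match) -> str:
        hex_digits, newline, literal = match.groups()
        if hex_digits:
            code_point = int(hex_digits, 16)
            valid = 0 < code_point <= 0x10FFFF and not 0xD800 <= code_point <= 0xDFFF
            return chr(code_point) if valid else "\ufffd"
        return "" if newline else literal
    return CSS_ESCAPE.sub(decode, css)


def naive_findings(html: str) -> list:
    """Hypothetical literal-string filter: matches the raw message text."""
    lowered = html.lower()
    return [token for token in RISKY_TOKENS if token in lowered]


def normalised_findings(html: str) -> list:
    """Decode escapes inside each <style> block before matching."""
    found = []
    for block in STYLE_BLOCK.findall(html):
        decoded = css_unescape(block).lower()
        found += [t for t in RISKY_TOKENS if t in decoded and t not in found]
    return found


if __name__ == "__main__":
    print("naive:     ", naive_findings(ADVISORY_SAMPLE))
    print("normalised:", normalised_findings(ADVISORY_SAMPLE))
```

The same decoding also covers hex-form escapes such as \69 for "i", which a literal match would miss in the same way.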
Solution
Upgrade to CommuniGate Pro version 5.1.9.
Time Table
2005/11/18 Vendor was informed
2005/11/19 Vendor replied saying that they will investigate the report
2007/04/30 Vendor was notified again
2007/05/12 Vendor releases fixed version
2007/05/12 Scanit publishes advisory
Additional Information
- The original advisory can be found here: http://www.scanit.be/advisory-2007-05-12.html
- An automatic tool for checking for cross-site scripting problems in web mail systems can be downloaded here.
