CyberSec.Space Logo
Back to CVE Browser

CVE-2018-18621

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile3.79th
PublishedOct 24, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension.

Affected Platforms (CPE)

πŸ“¦
Communigate

Communigate Pro

= 6.2

References & Advisories

πŸ”— http://packetstormsecurity.com/files/149916/CommuniGatePro-Pronto-Webmail-6.2-Cross-Site-Scripting.html
πŸ”— https://drive.google.com/drive/folders/1irWaVi-AySHFFMap5pF1_7hk6mTeemDT
πŸ”— http://packetstormsecurity.com/files/149916/CommuniGatePro-Pronto-Webmail-6.2-Cross-Site-Scripting.html
πŸ”— https://drive.google.com/drive/folders/1irWaVi-AySHFFMap5pF1_7hk6mTeemDT

Related Vulnerabilities

CVE-2006-04687.5

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra...

CVE-2017-169626.1

The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the ...

CVE-2003-14815.8

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote ...

CVE-2018-38155.7

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers f...