CyberSec.Space Logo
Back to CVE Browser

CVE-2017-16962

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1260%
EPSS Percentile32.94th
PublishedNov 27, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.

Affected Platforms (CPE)

πŸ“¦
Communigate

Communigate Pro

< 6.2.1

References & Advisories

πŸ”— https://packetstormsecurity.com/files/145095/communigatepro-xss.txt
πŸ”— https://www.exploit-db.com/exploits/43177/
πŸ”— https://packetstormsecurity.com/files/145095/communigatepro-xss.txt
πŸ”— https://www.exploit-db.com/exploits/43177/

Related Vulnerabilities

CVE-2006-04687.5

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra...

CVE-2018-186216.1

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the...

CVE-2003-14815.8

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote ...

CVE-2018-38155.7

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers f...