CVEブラウザに戻る

CVE-2018-18621

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.1050%

EPSS Percentile3.79th

Published2018年10月24日

Last Modified2024年11月21日

Vulnerability Description

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension.

Affected Platforms (CPE)

📦

Communigate

Communigate Pro

= 6.2

References & Advisories

🔗 http://packetstormsecurity.com/files/149916/CommuniGatePro-Pronto-Webmail-6.2-Cross-Site-Scripting.html

🔗 https://drive.google.com/drive/folders/1irWaVi-AySHFFMap5pF1_7hk6mTeemDT

🔗 http://packetstormsecurity.com/files/149916/CommuniGatePro-Pronto-Webmail-6.2-Cross-Site-Scripting.html

🔗 https://drive.google.com/drive/folders/1irWaVi-AySHFFMap5pF1_7hk6mTeemDT

関連する脆弱性情報

CVE-2006-04687.5

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra...

CVE-2017-169626.1

The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the ...

CVE-2003-14815.8

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote ...

CVE-2018-38155.7

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers f...