vendor: CommuniGate Pro
by:
CVSS: 7.5 HIGH
HTML-injection
CWE: 79
Product Name: CommuniGate Pro
Affected Version From: 5.1.2008
Affected Version To: 5.1.2008
Patch Exists: NO
Related CWE:
CPE: a:stalker:communigate_pro:5.1.8
Metasploit:
Other Scripts:
Platforms Tested:

HTML-injection vulnerability in CommuniGate Pro

The CommuniGate Pro software fails to sufficiently sanitize user-supplied input, which allows an attacker to inject HTML and script code into the affected site. This can lead to various attacks such as stealing authentication credentials or controlling the rendering of the site.

Mitigation:

The vendor has not provided a specific mitigation or remediation for this vulnerability. It is recommended to update to a patched version of CommuniGate Pro.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23950/info

CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

CommuniGate Pro 5.1.8 and earlier versions are vulnerable to this issue.

Note that this issue is present only when using Microsoft Internet Explorer. 

<STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>
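
A filter-side check for the string above, written as an added example (it is not code from the advisory or from the vendor): the backslashes are CSS escapes, so a keyword match on the raw markup sees neither "@import" nor "javascript:", while a match run after decoding the escapes sees both. The function and class names are hypothetical, and the only sample input is the proof-of-concept line quoted above.

```python
import re
from html.parser import HTMLParser

# Sample input: the proof-of-concept string quoted in the advisory.
POC = r"""<STYLE>@im\port'\ja\vasc\ript:alert("XSS in message body (style using import)")';</STYLE>"""

# CSS escape: backslash + 1-6 hex digits (plus one optional whitespace),
# or backslash + any other single character.
_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\r\n\f]?|(\r\n|[\s\S]))")
_RISKY = re.compile(r"@import|javascript\s*:")

def normalize_css(css):
    """Decode CSS backslash escapes so keyword checks see what the CSS parser sees."""
    def decode(m):
        if m.group(1):
            cp = int(m.group(1), 16)
            ok = 0 < cp <= 0x10FFFF and not 0xD800 <= cp <= 0xDFFF
            return chr(cp) if ok else "\ufffd"
        # An escaped newline is a line continuation; any other char stands for itself.
        return "" if m.group(2) in ("\n", "\r", "\r\n", "\f") else m.group(2)
    return _ESCAPE.sub(decode, css).lower()

class _StyleCollector(HTMLParser):
    """Collects the text of <style> elements and style="" attributes."""
    def __init__(self):
        super().__init__()
        self.in_style, self.chunks = False, []
    def handle_starttag(self, tag, attrs):
        self.in_style = self.in_style or tag == "style"
        self.chunks += [v for k, v in attrs if k == "style" and v]
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
    def handle_data(self, data):
        if self.in_style:
            self.chunks.append(data)

def naive_findings(html):
    """Keyword match on the raw markup: the check the escaped payload slips past."""
    return sorted(set(_RISKY.findall(html.lower())))

def style_findings(html):
    """Keyword match on style content after CSS escape decoding."""
    parser = _StyleCollector()
    parser.feed(html)
    parser.close()
    return sorted(set(_RISKY.findall(normalize_css("\n".join(parser.chunks)))))

if __name__ == "__main__":
    print("naive:", naive_findings(POC), "normalized:", style_findings(POC))
```

A message body that produces any finding can be rejected, or have its style content stripped before it is rendered in the webmail view.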