{"api_version":"1","generated_at":"2026-04-24T03:47:47+00:00","cve":"CVE-2007-2718","urls":{"html":"https://cve.report/CVE-2007-2718","api":"https://cve.report/api/cve/CVE-2007-2718.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2718","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2718"},"summary":{"title":"CVE-2007-2718","description":"Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-05-16 19:28:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://osvdb.org/36017","name":"http://osvdb.org/36017","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/23950","name":"http://www.securityfocus.com/bid/23950","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"CommuniGate Pro Web Mail HTML Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.scanit.be/advisory-2007-05-12.html","name":"http://www.scanit.be/advisory-2007-05-12.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Scanit - CommuniGate Pro web mail persistent cross-site scripting vulnerability","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1795","name":"http://www.vupen.com/english/advisories/2007/1795","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/25250","name":"http://secunia.com/advisories/25250","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"CommuniGate Pro WebMail Script Insertion Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34266","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34266","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=full-disclosure&m=117900749209206&w=2","name":"http://marc.info/?l=full-disclosure&m=117900749209206&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'[Full-disclosure] CommuniGate Pro web mail persistent cross-site' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018048","name":"http://www.securitytracker.com/id?1018048","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"SecurityTracker.com Archives - CommuniGate Pro Input Validation Hole in Style Tags Permits Cross-Site Scripting Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.communigate.com/CommuniGatePro/History51.html","name":"http://www.communigate.com/CommuniGatePro/History51.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CommuniGate Pro Server: Version 5.1 Revision History","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2718","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2718","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2718","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"internet_explorer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2718","vulnerable":"1","versionEndIncluding":"5.1.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"stalker","cpe5":"communigate_pro","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:49:57.308Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1018048","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018048"},{"name":"36017","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/36017"},{"name":"25250","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/25250"},{"name":"ADV-2007-1795","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1795"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.scanit.be/advisory-2007-05-12.html"},{"name":"communigate-mail-xss(34266)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34266"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.communigate.com/CommuniGatePro/History51.html"},{"name":"20070512 CommuniGate Pro web mail persistent cross-site scripting vulnerability","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://marc.info/?l=full-disclosure&m=117900749209206&w=2"},{"name":"23950","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/23950"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1018048","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018048"},{"name":"36017","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/36017"},{"name":"25250","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/25250"},{"name":"ADV-2007-1795","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1795"},{"tags":["x_refsource_MISC"],"url":"http://www.scanit.be/advisory-2007-05-12.html"},{"name":"communigate-mail-xss(34266)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34266"},{"tags":["x_refsource_MISC"],"url":"http://www.communigate.com/CommuniGatePro/History51.html"},{"name":"20070512 CommuniGate Pro web mail persistent cross-site scripting vulnerability","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://marc.info/?l=full-disclosure&m=117900749209206&w=2"},{"name":"23950","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/23950"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2718","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1018048","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018048"},{"name":"36017","refsource":"OSVDB","url":"http://osvdb.org/36017"},{"name":"25250","refsource":"SECUNIA","url":"http://secunia.com/advisories/25250"},{"name":"ADV-2007-1795","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1795"},{"name":"http://www.scanit.be/advisory-2007-05-12.html","refsource":"MISC","url":"http://www.scanit.be/advisory-2007-05-12.html"},{"name":"communigate-mail-xss(34266)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34266"},{"name":"http://www.communigate.com/CommuniGatePro/History51.html","refsource":"MISC","url":"http://www.communigate.com/CommuniGatePro/History51.html"},{"name":"20070512 CommuniGate Pro web mail persistent cross-site scripting vulnerability","refsource":"FULLDISC","url":"http://marc.info/?l=full-disclosure&m=117900749209206&w=2"},{"name":"23950","refsource":"BID","url":"http://www.securityfocus.com/bid/23950"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2718","datePublished":"2007-05-16T19:00:00.000Z","dateReserved":"2007-05-16T00:00:00.000Z","dateUpdated":"2024-08-07T13:49:57.308Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-05-16 19:28:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*","matchCriteriaId":"8682FAF3-98E3-485C-89CB-C0358C4E2AB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:stalker:communigate_pro:*:*:*:*:*:*:*:*","versionEndIncluding":"5.1.8","matchCriteriaId":"18C48639-95E7-4659-90DD-5EF49750CFD9"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2718","Ordinal":"1","Title":"CVE-2007-2718","CVE":"CVE-2007-2718","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2718","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.","Type":"Description","Title":"CVE-2007-2718"},{"CveYear":"2007","CveId":"2718","Ordinal":"2","NoteData":"2007-05-16","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2718","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}