BID:23950

CommuniGate Pro Web Mail HTML Injection Vulnerability

Info

CommuniGate Pro Web Mail HTML Injection Vulnerability

Bugtraq ID:	23950
Class:	Input Validation Error
CVE:	CVE-2007-2718
Remote:	Yes
Local:	No
Published:	May 12 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Alla Bezroutchko is credited with the discovery of this vulnerability.
Vulnerable:	Stalker Communigate Pro 5.1.8 Stalker Communigate Pro 5.0.8 Stalker Communigate Pro 5.0.7 Stalker Communigate Pro 5.0.6 Stalker Communigate Pro 4.3 c3 Stalker Communigate Pro 4.3 c2 Stalker Communigate Pro 4.3 c1 Stalker Communigate Pro 4.0.6 Stalker Communigate Pro 4.0.3 Stalker Communigate Pro 4.0.2 Stalker Communigate Pro 4.0.1 Stalker Communigate Pro 4.0 b3 Stalker Communigate Pro 4.0 b2 Stalker Communigate Pro 4.0 .1b2 Stalker Communigate Pro 3.4 b3 Stalker Communigate Pro 3.3.2 Stalker Communigate Pro 3.3 b2 - Linux kernel 2.3 .x - Linux kernel 2.2 .x - Linux kernel 2.1 .x Stalker Communigate Pro 3.3 b1 - Linux kernel 2.3 .x - Linux kernel 2.2 .x - Linux kernel 2.1 .x Stalker Communigate Pro 3.2.4 - BSDI BSD/OS 4.0 - BSDI BSD/OS 3.0 - BSDI BSD/OS 2.0 - Digital UNIX 4.0 - FreeBSD FreeBSD 5.0 - FreeBSD FreeBSD 4.0 - FreeBSD FreeBSD 3.5 - FreeBSD FreeBSD 3.4 - FreeBSD FreeBSD 3.3 - FreeBSD FreeBSD 3.2 - FreeBSD FreeBSD 3.1 - HP HP-UX 11.0 - HP HP-UX 10.0 - IBM AIX 4.3 - IBM AIX 4.2 - IBM AIX 4.1 - Linux kernel 2.3 .x - Linux kernel 2.2 .x - Linux kernel 2.1 .x - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - SCO Unixware 7.1 - SCO Unixware 7.0 - SGI IRIX 6.5 - SGI IRIX 6.4 - SGI IRIX 6.3 - SGI IRIX 6.2 - SGI IRIX 6.1 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 Stalker Communigate Pro 3.2 b7 Stalker Communigate Pro 3.2 b5 Stalker Communigate Pro 3.1 - BSDI BSD/OS 4.0 - BSDI BSD/OS 3.0 - BSDI BSD/OS 2.0 - Digital UNIX 4.0 - FreeBSD FreeBSD 3.3 - FreeBSD FreeBSD 3.2 - FreeBSD FreeBSD 3.1 - FreeBSD FreeBSD 3.0 - HP HP-UX 10.0 - IBM AIX 4.3 - IBM AIX 4.2 - IBM AIX 4.1 - Linux kernel 2.3 - Linux kernel 2.2 - Linux kernel 2.1 - Linux kernel 2.0 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - SCO Unixware 7.1 - SCO Unixware 7.0 - SGI IRIX 6.5 - SGI IRIX 6.4 - SGI IRIX 6.3 - SGI IRIX 6.2 - SGI IRIX 6.1 - SGI IRIX 6.0 - Sun Solaris 7.0_x86 - Sun Solaris 7.0

Not Vulnerable:	Stalker Communigate Pro 5.1.9

Discussion

CommuniGate Pro Web Mail HTML Injection Vulnerability

CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

CommuniGate Pro 5.1.8 and earlier versions are vulnerable to this issue.

Note that this issue is present only when using Microsoft Internet Explorer.

Exploit / POC

CommuniGate Pro Web Mail HTML Injection Vulnerability

Attackers can use an email client to exploit this issue.

A sample exploit has been provided:

/data/vulnerabilities/exploits/23950.html

Solution / Fix

CommuniGate Pro Web Mail HTML Injection Vulnerability

Solution:
The vendor has released CommuniGate Pro 5.1.9 to address this issue; please see the references for details.

Stalker Communigate Pro 3.1