Summary
CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user
other attacks are also possible.
Versions prior to CommuniGate Pro 5.2.15 are vulnerable.
Solution
The vendor released an update to address this issue please see the
references for more information.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
- bozohttpd Security Bypass Vulnerability
- IBM WebSphere Application Server Administration Console DoS vulnerability
- Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities