CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user other attacks are also possible. Versions prior to CommuniGate Pro 5.2.15 are vulnerable.
The vendor released an update to address this issue please see the references for more information.
- Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
- Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
- Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
- Check for IIS .cnf file leakage