Vulnerability Description
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Communigate | Communigate Pro | < 6.2.1 |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/145095/communigatepro-xss.txtThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/43177/ExploitThird Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/145095/communigatepro-xss.txtThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/43177/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-16962?
CVE-2017-16962 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a craft...
How severe is CVE-2017-16962?
CVE-2017-16962 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-16962?
Check the references section above for vendor advisories and patch information. Affected products include: Communigate Communigate Pro.