CVE-2017-16962 Information
Feb 14, 2021
Description
The WebMail components (Crystal pronto and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://packetstormsecurity.com/files/145095/communigatepro-xss.txt
https://www.exploit-db.com/exploits/43177/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM