CVE-2017-16962
Last modified
CVE-2017-16962 is a vulnerability of currently unknown severity. The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component. EPSS estimates a 2.19% chance of exploitation in the next 30 days.
Description
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Communigate | Communigate Pro | < 6.2.1 |
References
- https://packetstormsecurity.com/files/145095/communigatepro-xss.txt (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/43177/ (Exploit, Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
