← back
CVE-2017-16962

CVE-2017-16962

EPSS 2.2%
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/145095/communigatepro-xss.txtunverifiedcve_referencewww.exploit-db.com/exploits/43177/unverifiedexploitdbwww.exploit-db.com/exploits/43177unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://packetstormsecurity.com/files/145095/communigatepro-xss.txthttps://www.exploit-db.com/exploits/43177/