- Description
The Communigate Pro webmail framework is prone to a stored Cross Site
Scripting vulnerability through crafted plain text email messages.

- Affected version:
5.2.14 and prior as reported from Communigate:
http://www.communigate.com/cgatepro/History52.html

- Details
This vulnerability can be exploited if an attacker sends a plain text
message to the victim address containing a malicious crafted URL;
the internal parser fails to parse the malicious URL and executes
Javascript code every time user reads the message.
An attacker may be able to use this vulnerability to steal sensitive
information from a user's computer (e.g. current SessionID) or force
the user's computer to execute stealed operations.

- Example of crafted URL
http://www.example.com/&z="><script>alert(document.cookie)</script>&f=

- Patch
Install Communigate Pro 5.2.13
5.2.15 15-Jul-2009: * Bug Fix: WebUser: 5.1.2: links in plain text
messages could be processed incorrectly.

- Communigate
http://www.communigate.com/cgatepro/

-- 
Andrea Purificato
http://rawlab.mindcreations.com