Stalker · CommuniGate Pro · CVE-2003-1481
**Name of the Vulnerable Software and Affected Versions**
CommuniGate Pro versions 3.1 through 4.0.6
**Description**
The issue allows remote attackers to hijack mail sessions. An attacker sends an e-mail containing an IMG tag that references a malicious URL. When the message is displayed, the HTTP request for the image carries the session ID in the Referer field, and the server behind that URL captures it.
**Recommendations**
For CommuniGate Pro versions 3.1 through 4.0.6, consider disabling the use of session IDs in HTTP requests until a patch is available. Restrict access to sensitive mail sessions to minimize the risk of exploitation. Avoid using IMG tags in e-mails that could potentially reference malicious URLs.
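One way to act on the IMG-tag recommendation on the receiving side, added here as an example and not taken from CommuniGate Pro or from this advisory: a filter applied to an HTML message body before it is displayed in a browser, so that remote images are never requested and no Referer is sent for them. The function and class names, the `data-blocked-` attribute prefix and the sample message are assumptions, and the filter covers only IMG tags, not other ways HTML can load remote content.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Schemes that embed the image in the message itself: no HTTP request, no Referer.
INLINE_SCHEMES = {"cid", "data"}
# Constructed sample body; the host names are placeholders.
SAMPLE = ('<p>Hi</p><IMG SRC="http://images.example.invalid/logo.gif">'
          '<img src="cid:part1@example.invalid" alt="inline">')

def _is_inline(url):
    try:
        return urlsplit((url or "").strip()).scheme.lower() in INLINE_SCHEMES
    except ValueError:  # malformed URL: treat it as remote
        return False

class RemoteImageBlocker(HTMLParser):
    """Re-emit a mail body with remote <img> sources renamed; comments are dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked = [], []

    def handle_starttag(self, tag, attrs, end=""):
        parts = [tag]  # HTMLParser has already lowercased tag and attribute names
        for name, value in attrs:
            if tag == "img" and (name == "srcset" or (name == "src" and not _is_inline(value))):
                self.blocked.append(value or "")
                name = "data-blocked-" + name  # browsers do not fetch data-* attributes
            parts.append(name if value is None else f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + end + ">")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def block_remote_images(body):
    """Return (rewritten_html, blocked_urls) for one HTML message body."""
    parser = RemoteImageBlocker()
    parser.feed(body)
    parser.close()
    return "".join(parser.out), parser.blocked

if __name__ == "__main__":
    print(block_remote_images(SAMPLE))
```

Inline `cid:` and `data:` images are kept because displaying them sends no request. Every other `src`, including relative and protocol-relative URLs, is treated as remote.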