Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10867
HistoryJan 03, 2006 - 12:00 a.m.

[Full-disclosure] Open Xchange XSS

2006-01-0300:00:00
vulners.com
9
JSON

Open Xchange webmail (<=0.8.1-6) suffers from xss.
http://mirror.open-xchange.org/ox/EN/community/

Vendor response:
For the commercial OX you don't need this as there exists additional security
options where you will not able to use this session. It's a general problem for
all web based mailers and some of them try to filter such scripts, some of them
do not and show a warning instead that the document may contains "dangerous
content". But you will never be able to filter all possible scriptings.
Displaying HTML content is ALWAYS an unsecure option, so it is recommended to
disable "Inline HTML" at the WebMail options. Anyway, I will check if I can make
some basic filter to get most of such tags.

Cheers,
Thomas

JSON