Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30243
HistoryJan 19, 2014 - 12:00 a.m.

Open-Xchange Security Advisory 2014-01-17

2014-01-1900:00:00
vulners.com
28
JSON

Product: Open-Xchange AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 30357 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)
Vulnerable version: 7.4.1 and earlier
Vulnerable component: backend
Fixed version: 7.2.2-rev29, 7.4.0-rev24, 7.4.1-rev11
Report confidence: Confirmed
Solution status: Fixed by Vendor
Vendor notification: 2013-12-17
Solution date: 2013-12-23
Public disclosure: 2014-01-17
CVE reference: CVE-2013-7141
CVSSv2: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:P/RL:U/RC:C/CDP:LM/TD:M/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Embedding Javascript code with certain "<%" tags can lead to script execution within the users context. This vulnerability is exclusive to users using Internet Explorer 9 or lower.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

Solution:
Users should update to the latest available patch releases. Users should avoid opening E-Mail attachments or files from untrusted sources. Users should avoid using outdated versions of Internet Explorer.

Internal reference: 30358 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)
Vulnerable version: 7.4.1 and earlier
Vulnerable component: backend
Fixed version: 7.2.2-rev29, 7.4.0-rev24, 7.4.1-rev11
Report confidence: Confirmed
Solution status: Fixed by Vendor
Vendor notification: 2013-12-17
Solution date: 2013-12-23
Public disclosure: 2014-01-17
CVE reference: CVE-2013-7142
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Embedding Javascript code with certain parameters of oAuth API calls can lead to reflected script execution within the users context and a trusted domain.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions like sending mail, deleting data etc. Also, the user may be lured to untrusted content while still working within the context of a trusted domain.

Solution:
Users should update to the latest available patch releases. Users should avoid opening hyperlinks from untrusted sources.

Internal reference: 30359 (Bug ID)
Vulnerability type: CWE-36: Absolute Path Traversal
Vulnerable version: 7.4.1 and earlier
Vulnerable component: backend
Fixed version: 7.2.2-rev29, 7.4.0-rev24, 7.4.1-rev11
Report confidence: Confirmed
Solution status: Fixed by Vendor
Vendor notification: 2013-12-17
Solution date: 2013-12-23
Public disclosure: 2014-01-17
CVE reference: CVE-2013-7140
CVSSv2: 7.4 (AV:N/AC:M/Au:S/C:C/I:N/A:N/E:P/RL:U/RC:C/CDP:MH/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Using forged requests against the CalDAV interface can be used to reveal file contents stored at the server system. The SAX builder used to deserialize posted XML bodies at the WebDAV interface was used with the default values, thus potentially vulnerable against XML external entity attacks (XXE).

Risk:
Content of the requested file is returned to the attacker. This can be used to spy on credentials, configuration or other sensitive data stored at the server.

Solution:
Users should update to the latest available patch releases. The CalDAV interface should be disabled until a solution is provided.

Internal reference: 30368 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)
Vulnerable version: 7.4.1
Vulnerable component: frontend
Fixed version: 7.4.1-rev7
Report confidence: Confirmed
Solution status: Fixed by Vendor
Vendor notification: 2013-12-18
Solution date: 2013-12-23
Public disclosure: 2014-01-17
CVE reference: CVE-2013-7143
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Embedding Javascript code with the title of a mail filter rule leads to execution of the embedded code. This enables a stored cross-site scripting vulnerability that may be used in conjunction with other vulnerabilities or social engineering that placed malicious code at the vulnerable location.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions like sending mail, deleting data etc.

Solution:
Users should update to the latest available patch releases. Users should not grant other users access to their account.

Related

cve 4
prion 4
openvas 1
securityvulns 1
cve
cve
CVE-2013-7142
2014-01-26 20:55:00
CVE-2013-7143
2014-01-26 20:55:00
CVE-2013-7141
2014-01-26 20:55:00
prion
prion
Cross site scripting
2014-01-26 20:55:00
Cross site scripting
2014-01-26 20:55:00
Path traversal
2014-01-26 20:55:00
openvas
openvas
Open-Xchange (OX) AppSuite HTML Injection Vulnerability Oct15
2015-10-06 00:00:00
securityvulns
securityvulns
OpenXchange crossite scripting
2014-03-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:30243
cve4prion4openvas1securityvulns1