Computer Security


Open-Xchange cross-site scripting
updated since 08.01.2014
Published: 24.03.2014
Source:
SecurityVulns ID: 13485
Type: remote
Threat Level: 5/10
Description: Cross-site scripting when viewing MS Office and EML documents.
CVE: CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.)
 CVE-2014-1679 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.)
 CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.)
 CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers.")
Original document: OPENXCHANGE, Open-Xchange Security Advisory 2014-02-10 (24.03.2014)
 OPENXCHANGE, Open-Xchange Security Advisory 2014-03-17 (24.03.2014)
 OPENXCHANGE, Open-Xchange Security Advisory 2014-01-17 (19.01.2014)
 OPENXCHANGE, Open-Xchange Security Advisory 2014-01-06 (08.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod