Computer Security
securityvulns.ru


Open-Xchange multiple security vulnerabilities
Published: 15.10.2014
Source:
SecurityVulns ID: 14022
Type: remote
Threat Level: 6/10
Description: XSS, directory traversal, SSRF, restrictions bypass.
Affected: OPENXCHANGE : Open-Xchange 7.6
CVE: CVE-2014-5238
 CVE-2014-5237 (Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.)
 CVE-2014-5236
 CVE-2014-5235 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.)
 CVE-2014-5234 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.)
Original document: OPENXCHANGE, Open-Xchange Security Advisory 2014-09-15 (15.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod