Computer Security
[EN] securityvulns.ru no-pyccku


OpenXchange XSS
Published:13.01.2015
Source:
SecurityVulns ID:14207
Type:remote
Threat Level:
5/10
Description:Dangerous content from application/xhtml+xml is not removed.
Affected:OPENXCHANGE : Open-Xchange 7.6
CVE:CVE-2014-8993 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.)
Original documentdocumentOPENXCHANGE, Open-Xchange Security Advisory 2015-01-05 (13.01.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod