Lucene search
+L

CVE-2013-1646

🗓️ 05 Sep 2013 10:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 56 Views🌐 WEB

CVE-2013-1646 Open-Xchange Server XSS vulnerabilities pre-rev14, 6.22.0 pre-rev13, 6.22.1 pre-rev1

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
zdt
Open-Xchange Server 6 - Multiple Vulnerabilities
15 Mar 201300:00
zdt
cvelist
CVE-2013-1646
5 Sep 201310:00
cvelist
exploitdb
Open-Xchange Server 6 - Multiple Vulnerabilities
15 Mar 201300:00
exploitdb
euvd
EUVD-2013-1677
7 Oct 202500:30
euvd
exploitpack
Open-Xchange Server 6 - Multiple Vulnerabilities
15 Mar 201300:00
exploitpack
nvd
CVE-2013-1646
5 Sep 201311:44
nvd
openvas
Open-Xchange Server Multiple Vulnerabilities (Mar 2013) - Active Check
18 Mar 201300:00
openvas
packetstorm
Open-Xchange 6 XSS / LFI / SSRF / Hashing
14 Mar 201300:00
packetstorm
prion
Cross site scripting
5 Sep 201311:44
prion
redhatcve
CVE-2013-1646
22 May 202500:29
redhatcve
Rows per page
ParameterPositionPathDescriptionCWE
json_0request bodyajax/mailXSS via invalid JSON data in mail-sending POST requestCWE-79
fooquery paramservlet/TestServletTestServlet parameter can be used to inject arbitrary JavaScript in context of the OX URLCWE-79
secretquery parampublications/files/10/meh!/66/currentHTML/JS content in infostore publication file can lead to XSS when openedCWE-79
content_dispositionquery parampublications/files/10/meh!/66/currentHTML/JS content in infostore publication file can lead to XSS when openedCWE-79
locationquery paramajax/redirectHTTP redirect with forged header can lead to XSS/HTML injection via location headerCWE-79
actionquery paramajax/infostore/w00tness.pngInfostore attachment/headers can be misused to execute JS in the user contextCWE-79
idquery paramajax/infostore/w00tness.pngInfostore attachment/headers can be misused to execute JS in the user contextCWE-79
sessionquery paramajax/infostore/w00tness.pngInfostore attachment/headers can be misused to execute JS in the user contextCWE-79
content_dispositionquery paramajax/infostore/w00tness.pngInfostore attachment/headers can be misused to execute JS in the user contextCWE-79
secretquery parampublications/files/10/meh!/66/currentRSS/HTML content in publications can render executable scripts in user contextCWE-79
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Jun 2026 23:51Current
5.7Medium risk
Vulners AI Score5.7
CVSS 24.3
EPSS0.01383
56