Lucene search

MitreCVE-2014-5234

HistorySep 17, 2014 - 2:55 p.m.

CVE-2014-5234

2014-09-1714:55:03

CWE-79

mitre

web.nvd.nist.gov

cve-2014-5234

cross-site scripting

xss

open-xchange

appsuite

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.

Affected configurations

Nvd

Node

open-xchangeopen-xchange_appsuiteRange≤7.4.1

open-xchangeopen-xchange_appsuiteMatch6.20.7

open-xchangeopen-xchange_appsuiteMatch6.22.0

open-xchangeopen-xchange_appsuiteMatch6.22.1

open-xchangeopen-xchange_appsuiteMatch7.0.1

open-xchangeopen-xchange_appsuiteMatch7.0.2

open-xchangeopen-xchange_appsuiteMatch7.2.0

open-xchangeopen-xchange_appsuiteMatch7.2.1

open-xchangeopen-xchange_appsuiteMatch7.2.2

open-xchangeopen-xchange_appsuiteMatch7.4.0

open-xchangeopen-xchange_appsuiteMatch7.6.0

VendorProductVersionCPE
open-xchangeopen-xchange_appsuite*cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite6.20.7cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite6.22.0cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite6.22.1cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.0.1cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.0.2cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.2.0cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.2.1cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.2.2cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.4.0cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
open-xchange	open-xchange_appsuite	*	cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::
open-xchange	open-xchange_appsuite	6.20.7	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:::::::*
open-xchange	open-xchange_appsuite	6.22.0	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:::::::*
open-xchange	open-xchange_appsuite	6.22.1	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:::::::*
open-xchange	open-xchange_appsuite	7.0.1	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:::::::*
open-xchange	open-xchange_appsuite	7.0.2	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:::::::*
open-xchange	open-xchange_appsuite	7.2.0	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:::::::*
open-xchange	open-xchange_appsuite	7.2.1	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:::::::*
open-xchange	open-xchange_appsuite	7.2.2	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:::::::*
open-xchange	open-xchange_appsuite	7.4.0	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:::::::*

Rows per page:

1-10 of 111

References

packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html

secunia.com/advisories/61080

software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf

www.securityfocus.com/archive/1/533443/100/0/threaded

www.securityfocus.com/bid/69796

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2014-5234