Lucene search

[email protected]CVE-2014-8993

HistoryJan 07, 2015 - 6:59 p.m.

CVE-2014-8993

2015-01-0718:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-8993

cross-site scripting

xss

open-xchange

ox appsuite

security vulnerability

nvd

remote attack

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.9%

JSON

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.

CPENameOperatorVersion
open-xchange:open-xchange_appsuiteopen-xchange open-xchange appsuiteeq7.6.0
open-xchange:open-xchange_appsuiteopen-xchange open-xchange appsuiteeq7.6.1
open-xchange:open-xchange_appsuiteopen-xchange open-xchange appsuitele7.4.2

CPE	Name	Operator	Version
open-xchange:open-xchange_appsuite	open-xchange open-xchange appsuite	eq	7.6.0
open-xchange:open-xchange_appsuite	open-xchange open-xchange appsuite	eq	7.6.1
open-xchange:open-xchange_appsuite	open-xchange open-xchange appsuite	le	7.4.2

References

packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html

secunia.com/advisories/62031

www.securityfocus.com/archive/1/534383/100/0/threaded

www.securitytracker.com/id/1031488

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.9%

JSON

Related for CVE-2014-8993

prion1 openvas1 securityvulns2 cvelist1