logo
DATABASE RESOURCES PRICING ABOUT US

Open-Xchange (OX) AppSuite XSS Vulnerability (59507)

Description

File names of attachments of PIM objects (appointments, contacts, tasks) can be used to inject script code. Sharing such objects with other users allows to attack them. This requires both a trust relationship between those users - or both have to be provisioned to the same context.


Related