Lucene search
Copyright (C) 2017 Greenbone AGOPENVAS:1361412562310811132HistoryJun 21, 2017 - 12:00 a.m.
Open-Xchange (OX) Server Multiple Cross Site Scripting Vulnerabilities
2017-06-2100:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
9
0.002 Low
EPSS
Percentile
53.3%
Open-Xchange (OX) Server is prone to multiple cross site scripting vulnerabilities.
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:open-xchange:open-xchange_server";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.811132");
script_version("2024-03-04T14:37:58+0000");
script_cve_id("CVE-2015-1588");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"last_modification", value:"2024-03-04 14:37:58 +0000 (Mon, 04 Mar 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-10-09 19:55:00 +0000 (Tue, 09 Oct 2018)");
script_tag(name:"creation_date", value:"2017-06-21 15:24:33 +0530 (Wed, 21 Jun 2017)");
script_tag(name:"qod_type", value:"remote_banner");
script_name("Open-Xchange (OX) Server Multiple Cross Site Scripting Vulnerabilities");
script_tag(name:"summary", value:"Open-Xchange (OX) Server is prone to multiple cross site scripting vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw is due to the sanitation and
cleaner engine does not properly filter HTML code from user-supplied input
before displaying the input. A remote user can cause arbitrary scripting
code to be executed by the target user's browser.");
script_tag(name:"impact", value:"Successful exploitation will allow remote
attackers to inject arbitrary web script or HTML in the browser of an
unsuspecting user. This can lead to session hijacking or triggering unwanted
actions via the web interface (sending mail, deleting data etc.). Potential
attack vectors are E-Mail (via attachments) or Drive.");
script_tag(name:"affected", value:"Open-Xchange (OX) Server version 6 before
7.6.1-rev21.");
script_tag(name:"solution", value:"Upgrade to Open-Xchange (OX) Server version
7.6.1-rev21 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/archive/1/535388/100/1100/threaded");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74350");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_ox_server_detect.nasl");
script_mandatory_keys("open_xchange_server/installed");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if(!port = get_app_port(cpe:CPE))
exit(0);
if(!version = get_app_version(cpe:CPE, port:port))
exit(0);
revision = get_kb_item("open_xchange_server/" + port + "/rev");
if(revision) {
## Updating version with revision number
version = version + "." + revision;
##http://www.securityfocus.com/bid/74350
if(version =~ "^[67]\.") {
if(version_in_range(version:version, test_version:"6.20.7.15", test_version2:"7.6.1.20")) {
report = report_fixed_ver(installed_version:version, fixed_version:"7.6.1-rev21");
security_message(data:report, port:port);
exit(0);
}
}
}
exit(99);
Related
securityvulns
securityvulns
Open-Xchange crossite scripting
2015-05-12 00:00:00
Open-Xchange Security Advisory 2015-04-27
2015-05-12 00:00:00
cvelist
cvelist
CVE-2015-1588
2017-06-08 21:00:00
prion
prion
Cross site scripting
2017-06-08 21:29:00
cve
cve
CVE-2015-1588
2017-06-08 21:29:00
openvas
openvas