Lucene search

PRIOn knowledge basePRION:CVE-2014-8993

HistoryJan 07, 2015 - 6:59 p.m.

Cross site scripting

2015-01-0718:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.4%

JSON

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.

CPENameOperatorVersion
open-xchange_appsuiteeq7.6.0
open-xchange_appsuiteeq7.6.1
open-xchange_appsuitele7.4.2

Name	Operator	Version
open-xchange_appsuite	eq	7.6.0
open-xchange_appsuite	eq	7.6.1
open-xchange_appsuite	le	7.4.2

References

packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html

secunia.com/advisories/62031

www.securityfocus.com/archive/1/534383/100/0/threaded

www.securitytracker.com/id/1031488

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.4%

JSON

Related for PRION:CVE-2014-8993