3 matches found
CVE-2014-2077
Cross-site scripting XSS vulnerability in the frontend in Open-Xchange OX AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'...
CVE-2013-7142
Cross-site scripting XSS vulnerability in Open-Xchange OX AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions...
CVE-2013-7142
Open-Xchange AppSuite (v7.4.1 and earlier) is affected by CVE-2013-7142, an XSS in the backend/frontend introduced via oAuth API calls that can allow an attacker to inject script within the user’s context. The vendor fixed this with patches in 7.2.2-rev29, 7.4.0-rev24, and 7.4.1-rev11; apply the ...