3 matches found
Open-Xchange Security Advisory 2014-03-17
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 31065 Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.4.1 and 7.4.2 Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.4.1-rev10, 7.4.2-rev...
CVE-2014-2077
Open-Xchange AppSuite frontend is affected by an XSS in the email subject field, due to unsafe handling of aria tags in the top bar. The vulnerability allows remote attackers to inject arbitrary script/HTML in the victim’s browser context when viewing emails. Remediation provided by the vendor fi...
Open-Xchange Server Email Subject脚本注入漏洞
CVE ID:CVE-2014-2077 Open-Xchange Server是部分开源的项目,主要开发协同软件,例如电子邮件、日历等。 通过email主题传递的输入在使用前没有正确过滤,攻击者可以利用漏洞当恶意数据被访问时,在受影响站点上下文的用户浏览器会话中执行任意HTML和脚本代码。 0 Open-Xchange Server 7.x Open-Xchange Server 7.4.1-rev10 or 7.4.2-rev8版本以修复此漏洞,建议用户下载使用: http://www.open-xchange.com/home.html...