3 matches found
Open-Xchange 7.6.0 XSS / SSRF / Traversal Vulnerabilities
Open-Xchange versions 7.6.0 and below suffer from absolute path traversal, server-side request forgery, XXE injection, and cross site scripting vulnerabilities. Product: OX App Suite Vendor: Open-Xchange GmbH Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.6.0 and earlier...
CVE-2014-5235
Cross-site scripting XSS vulnerability in the frontend in Open-Xchange OX AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds...
CVE-2014-5235
Open-Xchange App Suite frontend is affected by CVE-2014-5235. The vulnerability resides in the frontend code where RSS feed fields can inject arbitrary script/HTML, enabling XSS. Affected versions are Open-Xchange App Suite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16. The root cause is unsani...