CVE-2016-3173

Open-Xchange OX AppSuite up to version 7.8.0-rev27 is affected by CVE-2016-3173. The aria-label parameter of Portal tiles can be used to inject script code, with labels derived from file names (e.g., images) displayed in the portal. This leads to script execution in a user’s context, enabling ses...

Open-Xchange OX AppSuite 7.8.0 XSS / Open Redirect

Product: OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 44542 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.8.0 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed versions: 7.6.2-rev40, 7.6.3-rev...