3 matches found
CVE-2018-13104
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 Bug ID...
CVE-2018-13104
Open-Xchange OX App Suite is affected by a cross-site scripting vulnerability (CVE-2018-13104) in the frontend handling of mail attachments. The issue arises from attachment file names that can be used to inject script code, potentially enabling code execution in a victim’s browser (session hijac...
Open-Xchange (OX) App Suite XSS Vulnerability (59507)
File names of attachments of PIM objects appointments, contacts, tasks can be used to inject script code. Sharing such objects with other users allows to attack them. This requires both a trust relationship between those users - or both have to be provisioned to the same context. Copyright C 2019...