12 matches found
EUVD-2016-7730
Malware in sbrugna...
OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure Vulnerability
OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-872 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 and earlier Vulnerable...
Debian DLA-1868-1 : squirrelmail security update
An XSS vulnerability was discovered in SquirrelMail. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mails can be executed within the application context via crafted use of for example a NOEMBED...
CVE-2017-16962
Summary: CVE-2017-16962 affects CommuniGate Pro WebMail Crystal, pronto, and pronto4 components before version 6.2.1. The issue is a stored cross-site scripting (XSS) vulnerability. An attacker can craft calendar invitations or items that trigger scripts when rendered by WebMail, via vectors incl...
CVE-2016-6845
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...
Design/Logic Flaw
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...
CVE-2016-6845
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...
CVE-2016-6845
The CVE-2016-6845 entry affects Open-Xchange OX App Suite prior to 7.8.2-rev8. The vulnerability arises from script code within hyperlinks in HTML emails not being properly sanitized when using base64 encoded data resources, allowing an attacker to supply hyperlinks that can execute script code i...
FreeBSD : gforge -- XSS and email flood vulnerabilities (d7cd5015-08c9-11da-bc08-0001020eed82)
Jose Antonio Coret reports that GForge contains multiple Cross Site Scripting vulnerabilities and an e-mail flood vulnerability: The login form is also vulnerable to XSS Cross Site Scripting attacks. This may be used to launch phishing attacks by sending HTML e-mails i.e.: saying that you need to...
CVE-2011-1405
Mahara is affected by CVE-2011-1405 (and related CVEs) up to version
CVE-2005-2769
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain "" or other special characters, which is not properly sanitized by SqWebMail...
CVE-2005-2769
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain "" or other special characters, which is not properly sanitized by SqWebMail...