Информационная безопасность
[RU] switch to English


Межсайтовый скриптинг в OpenXchange
дополнено с 8 января 2014 г.
Опубликовано:24 марта 2014 г.
Источник:
SecurityVulns ID:13485
Тип:удаленная
Уровень опасности:
5/10
Описание:Межсайтовый скриптинг при отображении документов MS Office и EML.
CVE:CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.)
 CVE-2014-1679 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.)
 CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.)
 CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers.")
Оригинальный текстdocumentOPENXCHANGE, Open-Xchange Security Advisory 2014-02-10 (24.03.2014)
 documentOPENXCHANGE, Open-Xchange Security Advisory 2014-03-17 (24.03.2014)
 documentOPENXCHANGE, Open-Xchange Security Advisory 2014-01-17 (19.01.2014)
 documentOPENXCHANGE, Open-Xchange Security Advisory 2014-01-06 (08.01.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород