Information Security


Multiple security vulnerabilities in Open-Xchange
Published: October 15, 2014
Source:
SecurityVulns ID: 14022
Type: remote
Severity: 6/10
Description: XSS, directory traversal, SSRF, restriction bypass.
Affected products: OPENXCHANGE : Open-Xchange 7.6
CVE: CVE-2014-5238
 CVE-2014-5237 (Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.)
 CVE-2014-5236
 CVE-2014-5235 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.)
 CVE-2014-5234 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.)
Original text: OPENXCHANGE, Open-Xchange Security Advisory 2014-09-15 (15.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod