CVE-2013-3106
Open-Xchange AppSuite and Server < 7.2.0 rev8 - Cross-Site Scripting
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.
References (1)
Core 1
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html
Scores
EPSS
0.0022
EPSS Percentile
45.2%
Details
CWE
CWE-79
Status
published
Products (12)
open-xchange/open-xchange_appsuite
6.20.7
open-xchange/open-xchange_appsuite
6.22.0
open-xchange/open-xchange_appsuite
6.22.1
open-xchange/open-xchange_appsuite
7.0.1
open-xchange/open-xchange_appsuite
7.0.2
open-xchange/open-xchange_appsuite
7.2.0
open-xchange/open-xchange_server
6.20.7
open-xchange/open-xchange_server
6.22.0
open-xchange/open-xchange_server
6.22.1
open-xchange/open-xchange_server
7.0.1
... and 2 more
Published
Sep 05, 2013
Tracked Since
Feb 18, 2026