CVE-2013-5690

Open-Xchange AppSuite < 7.2.2 - Authenticated Cross-Site Scripting via XML Content or Appointment Status Comment

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/528940

Scores

EPSS 0.0016
EPSS Percentile 36.3%

Details

CWE
CWE-79
Status published
Products (7)
open-xchange/open-xchange_appsuite 6.20.7
open-xchange/open-xchange_appsuite 6.22.0
open-xchange/open-xchange_appsuite 6.22.1
open-xchange/open-xchange_appsuite 7.0.1
open-xchange/open-xchange_appsuite 7.0.2
open-xchange/open-xchange_appsuite 7.2.0
open-xchange/open-xchange_appsuite < 7.2.1
Published Oct 03, 2013
Tracked Since Feb 18, 2026