CVE-2013-5698
Open-Xchange AppSuite and Server - Authenticated Cross-Site Scripting via Delivery View Action
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.
References (1)
Core 1
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html
Scores
EPSS
0.0016
EPSS Percentile
36.3%
Details
CWE
CWE-79
Status
published
Products (10)
open-xchange/open-xchange_appsuite
6.22.0
open-xchange/open-xchange_appsuite
6.22.1
open-xchange/open-xchange_appsuite
7.0.1
open-xchange/open-xchange_appsuite
7.0.2
open-xchange/open-xchange_appsuite
7.2.0
open-xchange/open-xchange_server
6.22.0
open-xchange/open-xchange_server
6.22.1
open-xchange/open-xchange_server
7.0.1
open-xchange/open-xchange_server
7.0.2
open-xchange/open-xchange_server
7.2.0
Published
Sep 05, 2013
Tracked Since
Feb 18, 2026