CVE-2013-6997
Open-Xchange AppSuite <= 7.4.0 - Cross-Site Scripting via HTML Email CSS or Office Document Hyperlinks
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90113
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64676
Vendor Advisory x_refsource_confirm
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_1766_7.4.0_Rev21_2013_12_13.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/101714
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029554
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/101715
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/530681/100/0/threaded
Scores
EPSS
0.0047
EPSS Percentile
65.1%
Details
CWE
CWE-79
Status
published
Products (9)
open-xchange/open-xchange_appsuite
6.20.7
open-xchange/open-xchange_appsuite
6.22.0
open-xchange/open-xchange_appsuite
6.22.1
open-xchange/open-xchange_appsuite
7.0.1
open-xchange/open-xchange_appsuite
7.0.2
open-xchange/open-xchange_appsuite
7.2.0
open-xchange/open-xchange_appsuite
7.2.1
open-xchange/open-xchange_appsuite
7.2.2
open-xchange/open-xchange_appsuite
< 7.4.0
Published
Jan 09, 2014
Tracked Since
Feb 18, 2026