Description
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65009
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90544
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029650
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102192
Mailing List mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2014/Jan/57
Scores
EPSS
0.0029
EPSS Percentile
52.9%
Details
CWE
CWE-79
Status
published
Products (10)
open-xchange/open-xchange_appsuite
6.20.7
open-xchange/open-xchange_appsuite
6.22.0
open-xchange/open-xchange_appsuite
6.22.1
open-xchange/open-xchange_appsuite
7.0.1
open-xchange/open-xchange_appsuite
7.0.2
open-xchange/open-xchange_appsuite
7.2.0
open-xchange/open-xchange_appsuite
7.2.1
open-xchange/open-xchange_appsuite
7.2.2
open-xchange/open-xchange_appsuite
7.4.0
open-xchange/open-xchange_appsuite
< 7.4.1
Published
Jan 26, 2014
Tracked Since
Feb 18, 2026