CVE-2014-2077

Open-Xchange (OX) AppSuite <7.4.1-rev10-7.4.2-rev8 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.

References (2)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html

[Vendor Advisory] http://secunia.com/advisories/57290

Scores

EPSS 0.0026

EPSS Percentile 49.5%

Details

CWE

CWE-79

Status published

Products (3)

open-xchange/open-xchange_appsuite

n/a/n/a

Published Mar 20, 2014

Tracked Since Feb 18, 2026