CVE-2014-2393

Open-Xchange AppSuite <7.4.1-rev11, <7.4.2-rev13 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

References (1)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/531762

Scores

EPSS 0.0022

EPSS Percentile 45.1%

Details

CWE

CWE-79

Status published

Products (6)

open-xchange/open-xchange_appsuite < 7.2.2

open-xchange/open-xchange_appsuite

n/a/n/a

Published Apr 24, 2014

Tracked Since Feb 18, 2026