CVE-2014-5234
Open-Xchange AppSuite < 7.4.2-rev33 and 7.6.x < 7.6.0-rev16 - Cross-Site Scripting via Folder Publication Name
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533443/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69796
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61080
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html
Vendor Advisory x_refsource_confirm
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf
Scores
EPSS
0.0029
EPSS Percentile
52.9%
Details
CWE
CWE-79
Status
published
Products (11)
open-xchange/open-xchange_appsuite
6.20.7
open-xchange/open-xchange_appsuite
6.22.0
open-xchange/open-xchange_appsuite
6.22.1
open-xchange/open-xchange_appsuite
7.0.1
open-xchange/open-xchange_appsuite
7.0.2
open-xchange/open-xchange_appsuite
7.2.0
open-xchange/open-xchange_appsuite
7.2.1
open-xchange/open-xchange_appsuite
7.2.2
open-xchange/open-xchange_appsuite
7.4.0
open-xchange/open-xchange_appsuite
7.6.0
... and 1 more
Published
Sep 17, 2014
Tracked Since
Feb 18, 2026