Open-Xchange Server 6 / OX AppSuite 7.6.1 Cross Site Scripting

2015.01.06
Credit: John de Kroon
Risk: Low
Local: No
Remote: Yes
CWE: CWE-80
CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Product: Open-Xchange Server 6 / OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 35512 (Bug ID) Vulnerability type: Cross Site Scripting (CWE-80) Vulnerable version: 7.6.1 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.4.2-rev40, 7.6.0-rev32, 7.6.1-rev11 Researcher credits: John de Kroon of Voiceworks B.V. Vendor notification: 2014-11-18 Solution date: 2014-12-03 CVE reference: CVE-2014-8993 CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND) Vulnerability Details: When embedding script code within a file that gets identified by the "application/xhtml+xml" mime-type and provides a valid XHTML doctype, the existing sanitizer does not get triggered and therefor does not remove potentially harmful script code. Since browsers detect the doctype information, the script code gets executed. The issue may be used to execute a stored cross-site scripting attack. Risk: Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Potential attack vectors are E-Mail (via attachments) or Drive. Solution: Users should update to the latest patch releases 7.4.2-rev40, 7.6.0-rev32 and 7.6.1-rev11 (or later).


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top