Open-Xchange: >> Open-Xchange Appsuite >> 6.22.4 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."
CVSS Score
4.3
EPSS Score
0.005
Published
2014-01-09
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.
CVSS Score
4.3
EPSS Score
0.002
Published
2013-10-03
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.
CVSS Score
3.5
EPSS Score
0.002
Published
2013-10-03
Page 11