CVE-2013-1646

Name of the Vulnerable Software and Affected Versions Open-Xchange Server versions prior to 6.20.7 rev14 Open-Xchange Server versions 6.22.0 prior to rev13 Open-Xchange Server versions 6.22.1 prior to rev14

Description The issue allows remote attackers to inject arbitrary web script or HTML via various means, including invalid JSON data in a mail-sending POST request, an arbitrary parameter to servlet/TestServlet, a javascript: URL in a standalone-mode action to a UWA module, an infostore attachment, JavaScript code in a contact image, an RSS feed, or a signature.

Recommendations For Open-Xchange Server versions prior to 6.20.7 rev14, update to version 6.20.7 rev14 or later. For Open-Xchange Server versions 6.22.0 prior to rev13, update to version 6.22.0 rev13 or later. For Open-Xchange Server versions 6.22.1 prior to rev14, update to version 6.22.1 rev14 or later.