CVE-2013-5690

Name of the Vulnerable Software and Affected Versions Open-Xchange AppSuite versions prior to 7.2.2

Description The issue allows remote authenticated users to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This can be achieved via content with the text/xml MIME type or the Status comment field of an appointment.

Recommendations For versions prior to 7.2.2, update to version 7.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Status comment field of appointments and limiting the upload of content with the text/xml MIME type until the update is applied.