CVE-2013-6074

Name of the Vulnerable Software and Affected Versions Open-Xchange (OX) AppSuite versions 7.2.x through 7.2.2-rev24 Open-Xchange (OX) AppSuite versions 7.4.x through 7.4.0-rev13

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an attached SVG file. This occurs when an attacker sends a malicious SVG file as an attachment, which can then execute scripts on the victim's browser.

Recommendations For Open-Xchange (OX) AppSuite versions 7.2.x through 7.2.2-rev24, update to version 7.2.2-rev25 or later. For Open-Xchange (OX) AppSuite versions 7.4.x through 7.4.0-rev13, update to version 7.4.0-rev14 or later.