CVE-2014-5235

Name of the Vulnerable Software and Affected Versions Open-Xchange (OX) AppSuite versions prior to 7.4.2-rev33 Open-Xchange (OX) AppSuite versions 7.6.x prior to 7.6.0-rev16

Description A cross-site scripting (XSS) issue exists in the frontend of Open-Xchange (OX) AppSuite, allowing remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.

Recommendations For Open-Xchange (OX) AppSuite versions prior to 7.4.2-rev33, update to version 7.4.2-rev33 or later. For Open-Xchange (OX) AppSuite versions 7.6.x prior to 7.6.0-rev16, update to version 7.6.0-rev16 or later.