PT-2006-1175 · Open Xchange · Open-Xchange

Thomas Pollet

Published

2006-01-05

Updated

2016-10-18

CVE-2006-0091

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Open-Xchange versions 0.8.1-6 and earlier

Description: The issue concerns a cross-site scripting (XSS) vulnerability in the webmail component of Open-Xchange, specifically when the "Inline HTML" feature is enabled. This allows remote attackers to inject arbitrary web script or HTML via email attachments that are rendered inline.

Recommendations: For Open-Xchange versions 0.8.1-6 and earlier, consider disabling the "Inline HTML" feature to prevent the rendering of email attachments inline until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0091

Affected Products

Open-Xchange

PT-2006-1175 · Open Xchange · Open-Xchange

CVE-2006-0091

Related Identifiers

Affected Products

References · 6