CVE-2013-3106

Name of the Vulnerable Software and Affected Versions Open-Xchange AppSuite and Server versions prior to 6.20.7 rev18 Open-Xchange AppSuite and Server versions 6.22.0 prior to rev16 Open-Xchange AppSuite and Server versions 6.22.1 prior to rev19 Open-Xchange AppSuite and Server versions 7.0.1 prior to rev7 Open-Xchange AppSuite and Server versions 7.0.2 prior to rev11 Open-Xchange AppSuite and Server versions 7.2.0 prior to rev8

Description The issue allows remote attackers to inject arbitrary web script or HTML via various means, including embedded VBScript, object/data Base64 content, a Content-Type header, or UTF-16 encoding.

Recommendations For versions prior to 6.20.7 rev18, update to version 6.20.7 rev18 or later. For versions 6.22.0 prior to rev16, update to version 6.22.0 rev16 or later. For versions 6.22.1 prior to rev19, update to version 6.22.1 rev19 or later. For versions 7.0.1 prior to rev7, update to version 7.0.1 rev7 or later. For versions 7.0.2 prior to rev11, update to version 7.0.2 rev11 or later. For versions 7.2.0 prior to rev8, update to version 7.2.0 rev8 or later.