PT-2018-19158 · Open Xchange · Open-Xchange Appsuite
Antonio
+1
·
Published
2018-07-05
·
Updated
2019-08-16
·
CVE-2018-9997
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Open-Xchange OX App Suite versions prior to 7.6.3-rev31
Open-Xchange OX App Suite versions 7.8.x prior to 7.8.2-rev31
Open-Xchange OX App Suite version 7.8.3 prior to 7.8.3-rev41
Open-Xchange OX App Suite version 7.8.4 prior to 7.8.4-rev28
Description
A cross-site scripting (XSS) issue exists in the mail compose feature of Open-Xchange OX App Suite. This allows remote attackers to inject arbitrary web script or HTML via the
data-target attribute in an HTML page with data-toggle gadgets.Recommendations
For versions prior to 7.6.3-rev31, update to version 7.6.3-rev31 or later.
For versions 7.8.x prior to 7.8.2-rev31, update to version 7.8.2-rev31 or later.
For version 7.8.3 prior to 7.8.3-rev41, update to version 7.8.3-rev41 or later.
For version 7.8.4 prior to 7.8.4-rev28, update to version 7.8.4-rev28 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open-Xchange Appsuite