CVE-2013-2583: XSS
First published: Thu Sep 05 2013(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-Xchange App Suite Backend | =6.20.7 | |
| Open-Xchange App Suite Backend | =6.22.0 | |
| Open-Xchange App Suite Backend | =6.22.1 | |
| Open-Xchange App Suite Backend | =7.0.1 | |
| Open-Xchange App Suite Backend | =7.0.2 | |
| SUSE Linux Openexchange Server | =6.20.7 | |
| SUSE Linux Openexchange Server | =6.22.0 | |
| SUSE Linux Openexchange Server | =6.22.1 | |
| SUSE Linux Openexchange Server | =7.0.1 | |
| SUSE Linux Openexchange Server | =7.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-2583?
CVE-2013-2583 has a medium severity rating due to its potential for cross-site scripting attacks.
How do I fix CVE-2013-2583?
To fix CVE-2013-2583, upgrade your Open-Xchange AppSuite or Server to versions 6.20.7 rev16, 6.22.0 rev15, 6.22.1 rev17, 7.0.1 rev6, or 7.0.2 rev7 or later.
Which Open-Xchange versions are affected by CVE-2013-2583?
CVE-2013-2583 affects Open-Xchange AppSuite and Server versions prior to 6.20.7 rev16, 6.22.0 rev15, 6.22.1 rev17, 7.0.1 rev6, and 7.0.2 rev7.
What types of attacks can be executed due to CVE-2013-2583?
CVE-2013-2583 allows remote attackers to execute cross-site scripting (XSS) attacks by injecting arbitrary web scripts or HTML.
Is there a workaround for CVE-2013-2583 if I cannot update immediately?
While the best solution to CVE-2013-2583 is to apply the updates, implementing input validation and escaping output in the application can be a temporary workaround.
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/open-xchange
- canonical/open-xchange app suite backend
- version/open-xchange app suite backend/6.20.7
- version/open-xchange app suite backend/6.22.0
- version/open-xchange app suite backend/6.22.1
- version/open-xchange app suite backend/7.0.1
- version/open-xchange app suite backend/7.0.2
- canonical/suse linux openexchange server
- version/suse linux openexchange server/6.20.7
- version/suse linux openexchange server/6.22.0
- version/suse linux openexchange server/6.22.1
- version/suse linux openexchange server/7.0.1
- version/suse linux openexchange server/7.0.2