First published: Thu Jan 09 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Open-Xchange App Suite Backend | <=7.4.0 | |
Open-Xchange App Suite Backend | =6.20.7 | |
Open-Xchange App Suite Backend | =6.22.0 | |
Open-Xchange App Suite Backend | =6.22.1 | |
Open-Xchange App Suite Backend | =7.0.1 | |
Open-Xchange App Suite Backend | =7.0.2 | |
Open-Xchange App Suite Backend | =7.2.0 | |
Open-Xchange App Suite Backend | =7.2.1 | |
Open-Xchange App Suite Backend | =7.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-6997 has a medium severity rating due to its potential for cross-site scripting exploits.
To fix CVE-2013-6997, update your Open-Xchange AppSuite to version 7.4.1 or later, which addresses the vulnerabilities.
CVE-2013-6997 is associated with cross-site scripting (XSS) attacks that allow remote attackers to inject malicious scripts.
CVE-2013-6997 affects Open-Xchange AppSuite versions 7.4.0 and earlier, as well as specific earlier versions like 6.20.7, 6.22.0, and 7.0.X.
Yes, CVE-2013-6997 is a documented vulnerability in Open-Xchange that has been acknowledged and addressed by the developers.