Open-Xchange AppSuite CVE-2014-5235 Multiple Cross Site Scripting Vulnerability
BID:69792
Info
Open-Xchange AppSuite CVE-2014-5235 Multiple Cross Site Scripting Vulnerability
| Bugtraq ID: | 69792 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-5235 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 15 2014 12:00AM |
| Updated: | Sep 15 2014 12:00AM |
| Credit: | Martin Heiland |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Open-Xchange AppSuite CVE-2014-5235 Multiple Cross Site Scripting Vulnerability
Open-Xchange AppSuite is prone to multiple cross-site scripting vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Open-Xchange AppSuite 7.6.0 and prior are vulnerable.
Open-Xchange AppSuite is prone to multiple cross-site scripting vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Open-Xchange AppSuite 7.6.0 and prior are vulnerable.
Exploit / POC
Open-Xchange AppSuite CVE-2014-5235 Multiple Cross Site Scripting Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Open-Xchange AppSuite CVE-2014-5235 Multiple Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Open-Xchange AppSuite CVE-2014-5235 Multiple Cross Site Scripting Vulnerability
References:
References: