Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange | Open-Xchange Appsuite | <= 7.4.0 |
Related Weaknesses (CWE)
References
- http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_Vendor Advisory
- http://www.osvdb.org/101714
- http://www.osvdb.org/101715
- http://www.securityfocus.com/archive/1/530681/100/0/threaded
- http://www.securityfocus.com/bid/64676
- http://www.securitytracker.com/id/1029554
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90113
- http://software.open-xchange.com/OX6/doc/Release_Notes_for_Public_Patch_Release_Vendor Advisory
- http://www.osvdb.org/101714
- http://www.osvdb.org/101715
- http://www.securityfocus.com/archive/1/530681/100/0/threaded
- http://www.securityfocus.com/bid/64676
- http://www.securitytracker.com/id/1029554
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90113
FAQ
What is CVE-2013-6997?
CVE-2013-6997 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS...
How severe is CVE-2013-6997?
CVE-2013-6997 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6997?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite.