NotCVE - vendor:"Open-xchange" product:"Open-xchange Server" version:"7.2.0"

2 results (0.005 seconds)

CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2013-5698

https://notcve.org/view.php?id=CVE-2013-5698

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106. Vulnerabilidad Cross-site scripting (XSS) en Open-Xchange AppSuite y Server anterior a v6.22.0 rev16, v6.22.1 anterior a rev19, v7.0.1 anterior a rev7, v7.0.2 anterior a rev11, y v7.2.0 anterior a rev8 permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de una acción "delivery=view", también conocido como Bug ID 26373, una vulnerabilidad diferente a CVE-2013-3106. • http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

CVE-2013-3106

https://notcve.org/view.php?id=CVE-2013-3106

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244. Múltiples vulnerabilidades XSS en Open-Xchange AppSuite y Server anterior a 6.20.7 rev14, 6.22.0 anterior a rev13, y 6.22.1 anterior a rev14, 7.0.1 anterior a rev7, 7.0.2 anterior a rev11, y 7.2.0 anterior a rev8, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) VBScript, embebido (2) contenido object/data Base64 , (3) una cabecera Content-Type , o (4) codificación UTF-16 , aka Bug IDs 25957, 26237, 26243, and 26244. • http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •