CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2392
https://notcve.org/view.php?id=CVE-2014-2392
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. La funcionalidad de autoconfiguración de E-Mail en Open-Xchange AppSuite anterior a 7.2.2-rev20, 7.4.1 anterior a 7.4.1-rev11 y 7.4.2 anterior a 7.4.2-rev13 situa a contraseñas en una solicitud GET, lo que permite a atacantes remotos obtener información sensible mediante la lectura de (1) registros de acceso al servidor web, (2) registros Referer del servidor web o (3) el historial del navegador. • http://www.securityfocus.com/archive/1/531762 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2393
https://notcve.org/view.php?id=CVE-2014-2393
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment. Vulnerabilidad de XSS en Open-Xchange AppSuite 7.4.1 anterior a 7.4.1-rev11 y 7.4.2 anterior a 7.4.2-rev13 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un nombre de archivo Drive que no está manejado debidamente durante el uso del compositor para añadir un adjunto de email. • http://www.securityfocus.com/archive/1/531762 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2077
https://notcve.org/view.php?id=CVE-2014-2077
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'. Vulnerabilidad de XSS en el Frontend en Open-Xchange (OX) AppSuite 7.4.1 anterior a 7.4.1-rev10 y 7.4.2 anterior a 7.4.2-rev8 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del asunto de un email, involucrando las etiquetas aria para lectores de pantalla en la barra superior. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html http://secunia.com/advisories/57290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-1679
https://notcve.org/view.php?id=CVE-2014-1679
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file. Vulnerabilidad de XSS en Open-Xchange (OX) AppSuite anterior a 7.2.2-rev31, 7.4.0 anterior a 7.4.0-rev27, y 7.4.1 anterior a 7.4.1-rev17 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de la cabecera en un fichero SGV adjunto. • http://secunia.com/advisories/56828 http://www.securityfocus.com/archive/1/531005 https://exchange.xforce.ibmcloud.com/vulnerabilities/91059 https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2013-7142
https://notcve.org/view.php?id=CVE-2013-7142
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. Vulnerabilidad XSS en Open-Xchange (OX) AppSuite v7.4.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de funciones oAuth no especificadas de la API. • http://osvdb.org/102193 http://seclists.org/bugtraq/2014/Jan/57 http://www.securityfocus.com/bid/65012 http://www.securitytracker.com/id/1029650 https://exchange.xforce.ibmcloud.com/vulnerabilities/90545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •