CVE-2013-3106Cross-site Scripting in Appsuite

CWE-79Cross-site Scripting6 documents3 sources
Severity
4.3MEDIUMNVD
NVD3.5
EPSS
0.2%
top 54.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Open-xchange AppsuiteOpen-xchange Server
Timeline
PublishedSep 5
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

🔴Vulnerability Details

4
GHSA
GHSA-fjqg-74r6-7pp5: Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 62022-05-17
GHSA
GHSA-f775-4rjm-m64p: Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 62022-05-17
CVEList
CVE-2013-5698: Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 62013-09-05
CVEList
CVE-2013-3106: Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 62013-09-05
CVE-2013-3106 — Cross-site Scripting in Appsuite | cvebase