CVE-2013-6242
Published: 2020-01-02
Priority: P4 · 25 · medium · 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.63% (73.2th percentile)
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
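CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |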
GHSA
GHSA-9rvf-979h-c9pq: Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7
ghsa_unreviewed·2022-05-05·CVSS 6.1
CVE-2013-7485 [MEDIUM] GHSA-9rvf-979h-c9pq: Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
GHSA
GHSA-x722-vrpx-v9g4: Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7
ghsa_unreviewed·2022-05-05·CVSS 6.1
CVE-2013-7486 [MEDIUM] GHSA-x722-vrpx-v9g4: Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
GHSA
GHSA-84q5-r9gp-rcmw: Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6
ghsa_unreviewed·2022-05-05
CVE-2013-6242 [MEDIUM] GHSA-84q5-r9gp-rcmw: Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://packetstormsecurity.com/files/124185/Open-Xchange-frontend6-6.22.4-backend-7.4.0-Cross-Site-Scripting.html
http://seclists.org/bugtraq/2013/Nov/127
http://www.securitytracker.com/id/1029394
https://exchange.xforce.ibmcloud.com/vulnerabilities/89250
https://forum.open-xchange.com/showthread.php?8115-Open-Xchange-releases-Security-Patch-2013-11-12-for-v7-2-2-v6-22-3-and-v7-4-0-v6