Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-5754Cross-site Scripting in Appsuite

CWE-79Cross-site ScriptingCWE-787Out-of-bounds WriteCWE-200Sensitive Information ExposureCWE-228Improper Handling of Syntactically Invalid Structure14 documents11 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 44.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Open-xchange Appsuite
Timeline
PublishedJun 16
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-crvf-8frr-387q: Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 72022-05-14
CVEList
CVE-2018-5754: Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 72018-06-15

💥Exploits & PoCs

1
Exploit-DB
OX App Suite 7.8.4 - Multiple Vulnerabilities2018-06-12

📋Vendor Advisories

3
Red Hat
xen: x86: DoS from attempting to use INVPCID with a non-canonical addresses2018-11-20
Red Hat
xen: x86 PV guest may crash Xen with XPTI2018-04-25
Cisco
CPU Side-Channel Information Disclosure Vulnerabilities2018-01-05

🕵️Threat Intelligence

2
Qualys
Processor Vulnerabilities - Meltdown and Spectre | Qualys2018-01-04
Sentinelone
SentinelOne is Compatible with “Meltdown” and “Spectre” Fixes2018-01-04

💬Community

1
Bugzilla
firefox: mitigations against spectre via javascript2018-01-08
CVE-2018-5754 — Cross-site Scripting in Appsuite | cvebase