Test Kennung:	1.3.6.1.4.1.25623.1.0.806077
Kategorie:	Web application abuses
Titel:	Open-Xchange (OX) AppSuite XHTML File HTML Injection Vulnerability
Zusammenfassung:	The host is installed with; Open-Xchange (OX) AppSuite and is prone to cross site scripting vulnerability.
Beschreibung:	Summary: The host is installed with Open-Xchange (OX) AppSuite and is prone to cross site scripting vulnerability. Vulnerability Insight: The flaw is due to insufficient sanitization of user supplied input via XHTML file with the application/xhtml+xml MIME type. Vulnerability Impact: Successful exploitation will allow attackers to inject arbitrary web script or HTML leading to session hijacking or triggering unwanted actions via the web interface. Affected Software/OS: Open-Xchange (OX) AppSuite versins before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 Solution: Upgrade to Open-Xchange (OX) AppSuite version 7.4.2-rev40, or 7.6.0-rev32, or 7.6.1-rev11 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	BugTraq ID: 71888 Common Vulnerability Exposure (CVE) ID: CVE-2014-8993 Bugtraq: 20150105 Open-Xchange Security Advisory 2015-01-05 (Google Search) http://www.securityfocus.com/archive/1/534383/100/0/threaded http://packetstormsecurity.com/files/129811/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Cross-Site-Scripting.html http://www.securitytracker.com/id/1031488 http://secunia.com/advisories/62031
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.