CVE-2014-5235
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0029 (0.3%)
Percentil: 52.7%
EPSS: 2026-05-06
Afecta
open-xchange:open-xchange_appsuiteDescripción técnica
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.
Publicada: 17/9/2014, 14:55:03
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html
- http://secunia.com/advisories/61080
- http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf
- http://www.securityfocus.com/archive/1/533443/100/0/threaded
- http://www.securityfocus.com/bid/69792
- http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html
- http://secunia.com/advisories/61080
- http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf