N/A

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.

N/A

N/A

Open-Xchange Server/OX App Suite 多个HTML注入漏洞

Open-Xchange AppSuite（OX AppSuite）和Open-Xchange Server都是美国Open-Xchange公司的产品。OX AppSuite是一套Web云桌面环境。Open-Xchange Server是一个主要用于开发协同软件的半开源项目。 Open-Xchange AppSuite和Server 7.0.2 rev7之前版本中存在多个跨站脚本漏洞。远程攻击者可借助(1)javascript: URL，(2) 畸形的嵌套式SCRIPT元素，(3) 邮件签名，或(4）图像

N/A

N/A