what you don't know can hurt you

Open-Xchange Server 6 / OX AppSuite Cross Site Scripting

Open-Xchange Server 6 / OX AppSuite Cross Site Scripting
Posted Apr 27, 2015
Authored by Martin Heiland

Open-Xchange Server 6 and OX AppSuite versions 7.6.1 and below suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2015-1588
MD5 | a65ec62667e3fc8fb957722446b0ebd5

Open-Xchange Server 6 / OX AppSuite Cross Site Scripting

Change Mirror Download
Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 35982 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.6.1
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.1-rev21
Vendor notification: 2015-01-07
Solution date: 2015-03-02
CVE reference: CVE-2015-1588
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
The sanitation and cleaner engine of OX AppSuite can be exploitet to return valid script code that gets executed by certain browsers. Such filter evasion requires rather good kowledge of the filtering algorithm and carefully crafted script code.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Potential attack vectors are E-Mail (via attachments) or Drive.

Solution:
Users should update to the latest patch releases 7.6.1-rev21 (or later).



Internal reference: 36024 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.6.1 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.4.2-rev43, 7.6.0-rev38, 7.6.1-rev21
Vendor notification: 2015-01-09
Solution date: 2015-03-02
CVE reference: CVE-2015-1588
CVSSv2: 4.1 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C/CDP:ND/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Inline-styles of HTML content can be used to place a element at the complete viewport of the application. This element can be a hyperlink which may trick users to trust third party and potentially malicious content.

Risk:
The application can become unresponsible or unusable when selecting certain contant. Furthermore, users may get tricked to open hyperlinks or consume injected content (images, text) at unexpected places of the application for unsolicited advertising and social-engineering attacks.

Solution:
Users should update to the latest patch releases 7.4.2-rev43, 7.6.0-rev38, 7.6.1-rev21 (or later).

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close