Showing 1 - 1 of 1

CVE-2013-1646

Status Candidate

Overview

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to servlet/TestServlet, (3) a javascript: URL in a standalone-mode action to a UWA module, (4) an infostore attachment, (5) JavaScript code in a contact image, (6) an RSS feed, or (7) a signature.

Related Files

Open-Xchange 6 XSS / LFI / SSRF / Hashing: Posted Mar 14, 2013; Authored by Martin Braun; Open-Xchange version 6 suffers from cross site scripting, local file inclusion, HTTP header injection / response splitting, missing SSL enforcement, server-side request forging, insecure password hashing, and file permission vulnerabilities.; tags | exploit, web, local, vulnerability, xss, file inclusion; advisories | CVE-2013-1645, CVE-2013-1646, CVE-2013-1647, CVE-2013-1648, CVE-2013-1649, CVE-2013-1650, CVE-2013-1651; SHA-256 | 8be9974c5b91f42a1ca77eb417301430aea4147dc0179c425ee43fbe9ef5c36e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 237 files
Ubuntu 85 files
Gentoo 31 files
Debian 17 files
tmrswrr 8 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files
ron190 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,448)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,344)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,672)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

CVE-2013-1646

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems