Date: Mon, 5 Jan 2015 12:48:13 +0100 (CET)
From: Martin Heiland <martin.heiland@...n-xchange.com>
To: bugtraq <bugtraq@...urityfocus.com>
Subject: Open-Xchange Security Advisory 2015-01-05

Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 35512 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.6.1 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.4.2-rev40, 7.6.0-rev32, 7.6.1-rev11
Researcher credits: John de Kroon of Voiceworks B.V.
Vendor notification: 2014-11-18
Solution date: 2014-12-03
CVE reference: CVE-2014-8993
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
When script code is embedded in a file that is identified by the "application/xhtml+xml" MIME type and that provides a valid XHTML doctype, the existing sanitizer is not triggered and therefore does not remove potentially harmful script code. Because browsers honour the doctype information, the script code gets executed. The issue may be used to perform a stored cross-site scripting attack.
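The root cause described above is a sanitizer that is keyed on one exact content type, so markup a browser will happily render as XHTML never reaches it. The following is an added example (not Open-Xchange code; the function names, the MIME-type set and the constructed XHTML sample are all assumptions) of the defensive dispatch a backend should use instead: decide whether to sanitize by asking "would a browser render this as (X)HTML?", covering the declared type, the XHTML doctype and the XHTML namespace, and then strip script elements, event-handler attributes and `javascript:` URLs with a parser that understands XHTML's XML declaration and doctype.

```python
import html
import re
from html.parser import HTMLParser

# MIME types a browser renders as script-capable markup (assumption: list is illustrative, not exhaustive)
HTML_LIKE_MIME_TYPES = {"text/html", "application/xhtml+xml"}
# Generic types under which XHTML is sometimes delivered and must still be inspected
GENERIC_MARKUP_TYPES = {"application/xml", "text/xml", "application/octet-stream"}

XHTML_DOCTYPE_RE = re.compile(rb"<!DOCTYPE\s+html\b[^>]*XHTML", re.IGNORECASE)
XHTML_NS_RE = re.compile(rb'xmlns\s*=\s*["\']http://www\.w3\.org/1999/xhtml["\']', re.IGNORECASE)


def needs_sanitizing(mime_type: str, body: bytes) -> bool:
    """True when a browser would render this upload as (X)HTML and it must pass the sanitizer."""
    base = mime_type.split(";")[0].strip().lower()
    if base in HTML_LIKE_MIME_TYPES:
        return True
    if base in GENERIC_MARKUP_TYPES:
        # Only the first KiB or two is needed to spot an XHTML doctype or namespace
        head = body[:2048]
        return bool(XHTML_DOCTYPE_RE.search(head) or XHTML_NS_RE.search(head))
    return False


class ScriptStripper(HTMLParser):
    """Rebuilds markup without <script> elements, on* handlers, javascript: URLs or comments."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=False)  # keep entity references verbatim
        self.out: list = []
        self.skip_depth = 0  # > 0 while inside a <script> element

    @staticmethod
    def _attrs(attrs) -> str:
        kept = []
        for name, value in attrs:
            if name.lower().startswith("on"):          # event handlers
                continue
            if value is not None and value.strip().lower().startswith("javascript:"):
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"' if value is not None else f" {name}")
        return "".join(kept)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.skip_depth += 1
        elif not self.skip_depth:
            self.out.append(f"<{tag}{self._attrs(attrs)}>")

    def handle_startendtag(self, tag, attrs):
        if tag != "script" and not self.skip_depth:
            self.out.append(f"<{tag}{self._attrs(attrs)}/>")

    def handle_endtag(self, tag):
        if tag == "script":
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(data)

    def handle_decl(self, decl):      # <!DOCTYPE ...> survives so XHTML stays valid
        self.out.append(f"<!{decl}>")

    def handle_pi(self, data):        # <?xml ...?> declaration
        self.out.append(f"<?{data}>")

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):   # comments are dropped
        pass


def sanitize(markup: str) -> str:
    parser = ScriptStripper()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


def process_upload(mime_type: str, body: bytes) -> bytes:
    """Return the bytes that may be served back to a browser for this upload."""
    if needs_sanitizing(mime_type, body):
        return sanitize(body.decode("utf-8", errors="replace")).encode("utf-8")
    return body


# Constructed XHTML sample with an XML declaration, XHTML doctype and three script vectors
CONSTRUCTED_XHTML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>report</title><script type="text/javascript">alert(1)</script></head>
<body onload="alert(2)"><p>Hello</p><a href="javascript:alert(3)">link</a></body>
</html>
"""

if __name__ == "__main__":
    print(process_upload("application/xhtml+xml", CONSTRUCTED_XHTML).decode())
```

The point of `needs_sanitizing` is that the gate runs before any content-type-specific code path: an upload labelled `application/xml` or `application/octet-stream` that carries an XHTML doctype is routed through the same sanitizer as `text/html`, which is exactly the branch the vulnerable version lacked.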

Risk:
Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Potential attack vectors are E-Mail (via attachments) or Drive.

Solution:
Users should update to the latest patch releases 7.4.2-rev40, 7.6.0-rev32 and 7.6.1-rev11 (or later).
