List:       bugtraq
Subject:    Open-Xchange Security Advisory 2015-04-27
From:       Martin Heiland <martin.heiland.lists () open-xchange ! com>
Date:       2015-04-27 15:08:23
Message-ID: 303595732.2395.1430147304054.JavaMail.open-xchange () appsuite-gw1 ! open-xchange ! com

Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 35982 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.6.1
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.1-rev21
Vendor notification: 2015-01-07
Solution date: 2015-03-02
CVE reference: CVE-2015-1588
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)


Vulnerability Details:
The sanitization and cleaner engine of OX AppSuite can be exploited to return
valid script code that gets executed by certain browsers. Such filter evasion
requires rather good knowledge of the filtering algorithm and carefully crafted
script code.

Risk:
Malicious script code can be executed within a user's context. This can lead to
session hijacking or triggering unwanted actions via the web interface (sending
mail, deleting data etc.). Potential attack vectors are E-Mail (via attachments)
or Drive.

Solution:
Users should update to the latest patch release 7.6.1-rev21 (or later).



Internal reference: 36024 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.6.1 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.4.2-rev43, 7.6.0-rev38, 7.6.1-rev21
Vendor notification: 2015-01-09
Solution date: 2015-03-02
CVE reference: CVE-2015-1588
CVSSv2: 4.1 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C/CDP:ND/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Inline styles of HTML content can be used to place an element over the complete
viewport of the application. This element can be a hyperlink which may trick
users into trusting third party and potentially malicious content.

Risk:
The application can become unresponsive or unusable when selecting certain
content. Furthermore, users may get tricked to open hyperlinks or consume
injected content (images, text) at unexpected places of the application for
unsolicited advertising and social-engineering attacks.

Solution:
Users should update to the latest patch releases 7.4.2-rev43, 7.6.0-rev38,
7.6.1-rev21 (or later).
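
Added example (not part of the advisory and not Open-Xchange's fix): one way a
backend can keep inline styles from positioning an element over the viewport is
to allowlist declarations instead of blocklisting "position". The allowlist, the
names split_style and audit_inline_styles, and the sample markup are assumptions
made for this illustration.

```python
import re
from html.parser import HTMLParser

# Assumed allowlist: text presentation only. Properties that place or layer an
# element (position, top, left, width, height, z-index, ...) are simply absent.
ALLOWED_PROPS = {"color", "background-color", "font-family", "font-size",
                 "font-style", "font-weight", "text-align", "text-decoration"}
CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Values containing escapes, quotes, markup or function calls are rejected.
UNSAFE_VALUE = re.compile(r"[\\\"'<>()]")


def split_style(style):
    """Split an inline style string into (kept, dropped) declaration lists."""
    kept, dropped = [], []
    for decl in CSS_COMMENT.sub("", style).split(";"):
        name, sep, value = decl.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not name and not sep:
            continue  # empty segment between semicolons
        ok = bool(sep and value) and name in ALLOWED_PROPS and not UNSAFE_VALUE.search(value)
        (kept if ok else dropped).append(f"{name}: {value}" if sep else name)
    return kept, dropped


class InlineStyleAudit(HTMLParser):
    """Collect (tag, safe style, dropped declarations) for each styled element."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references in the value.
        for name, value in attrs:
            if name == "style" and value:
                kept, dropped = split_style(value)
                self.findings.append((tag, "; ".join(kept), dropped))


def audit_inline_styles(markup):
    parser = InlineStyleAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings


# Constructed sample: a hyperlink stretched over the whole viewport.
SAMPLE = ('<p style="color: #333; font-size: 12px">Hello</p>'
          '<a href="http://example.invalid/" style="position: fixed; top: 0; left: 0; '
          'width: 100%; height: 100%; z-index: 9999; color: red">click</a>')
```

Because unknown property names are dropped, CSS-escaped or comment-split
spellings of "position" fail the allowlist without needing their own rule.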

