CVE-2013-3106

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
open-xchangeopen-xchange_appsuite
6.20.7
open-xchangeopen-xchange_appsuite
6.22.0
open-xchangeopen-xchange_appsuite
6.22.1
open-xchangeopen-xchange_appsuite
7.0.1
open-xchangeopen-xchange_appsuite
7.0.2
open-xchangeopen-xchange_appsuite
7.2.0
open-xchangeopen-xchange_server
6.20.7
open-xchangeopen-xchange_server
6.22.0
open-xchangeopen-xchange_server
6.22.1
open-xchangeopen-xchange_server
7.0.1
open-xchangeopen-xchange_server
7.0.2
open-xchangeopen-xchange_server
7.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html
http://archives.neohapsis.com/archives/bugtraq/2013-06/0012.html