Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite prior to 7.4.2-rev40, 7.6.0 prior to 7.6.0-rev32, and 7.6.1 prior to 7.6.1-rev11 allows remote malicious users to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-xchange open-xchange appsuite |
||
open-xchange open-xchange appsuite 7.6.0 |
||
open-xchange open-xchange appsuite 7.6.1 |