Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2013-6242
HistoryJan 02, 2020 - 7:15 p.m.

CVE-2013-6242

2020-01-0219:15:11
CWE-79
mitre
web.nvd.nist.gov
64
cve-2013-6242
cross-site scripting
xss
open-xchange
ox appsuite
email security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

64.8%

JSON

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.

Affected configurations

Nvd
Node
open-xchangeopen-xchange_appsuiteMatch6.22.3
OR
open-xchangeopen-xchange_appsuiteMatch6.22.4
OR
open-xchangeopen-xchange_appsuiteMatch7.2.2
OR
open-xchangeopen-xchange_appsuiteMatch7.4.0
VendorProductVersionCPE
open-xchangeopen-xchange_appsuite6.22.3cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.3:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite6.22.4cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.4:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.2.2cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*
open-xchangeopen-xchange_appsuite7.4.0cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*

Related

prion 3
cvelist 3
securityvulns 2
nvd 3
cve 2
prion
prion
Cross site scripting
2020-01-02 19:15:00
Cross site scripting
2020-01-02 19:15:00
Cross site scripting
2020-01-02 19:15:00
cvelist
cvelist
CVE-2013-6242
2020-01-02 18:05:42
CVE-2013-7485
2020-01-02 18:05:35
CVE-2013-7486
2020-01-02 18:05:38
securityvulns
securityvulns
Open-Xchange Security Advisory 2013-11-25
2013-12-09 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-12-09 00:00:00
nvd
nvd
CVE-2013-6242
2020-01-02 19:15:11
CVE-2013-7486
2020-01-02 19:15:12
CVE-2013-7485
2020-01-02 19:15:12
cve
cve
CVE-2013-7485
2020-01-02 19:15:12
CVE-2013-7486
2020-01-02 19:15:12

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

64.8%

JSON
Related for CVE-2013-6242
prion3cvelist3securityvulns2nvd3cve2