SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Open-Xchange Vendors:   Open-Xchange Inc.
Open-Xchange Input Validation Flaws Permit Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1029394
SecurityTracker URL:  http://securitytracker.com/id/1029394
CVE Reference:   CVE-2013-6242   (Links to External Site)
Date:  Nov 26 2013
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.4.0 and prior
Description:   A vulnerability was reported in Open-Xchange. A remote user can conduct cross-site scripting attacks.

Several components do not properly filter HTML code from user-supplied input before displaying the input. A remote user can send a specially crafted email that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Open-Xchange software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The TITLE tag is affected in versions 6.22.4 and prior.

The META tag is affected.

The URL parameter is affected.

The vendor was notified on October 22, 2013 and November 5, 2013.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Open-Xchange software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has issued a fix (7.2.2-rev27, 7.4.0-rev20).
Vendor URL:  www.open-xchange.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Open-Xchange Security Advisory 2013-11-25

Product: Open-Xchange AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 29648 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)
Vulnerable version: 6.22.4 and earlier
Vulnerable component: frontend6
Fixed version: 6.22.3-rev5, 6.22.4-rev12
Report confidence: Confirmed
Solution status: Fixed by Vendor
Vendor notification: 2013-11-05
Solution date: 2013-11-12
Public disclosure: 2013-11-25
CVE reference: CVE-2013-6242
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Embedding JavaScript code within an E-Mail gets executed when using misplaced closing TITLE tag at the mail subject, followed by <script> tags.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). This affects users of the OX6 UI, AppSuite UI is not affected.

Solution:
Service providers should update to the latest available patch releases. Users should avoid opening E-Mail attachments from untrusted sources. Users may disable presentation of HTML E-Mail within the browser.


Internal reference: 29642 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)
Vulnerable version: 7.4.0 and earlier
Vulnerable component: backend
Fixed version: 7.2.2-rev27, 7.4.0-rev20
Report confidence: Confirmed
Solution status: Fixed by Vendor
Vendor notification: 2013-11-05
Solution date: 2013-11-12
Public disclosure: 2013-11-25
CVE reference: CVE-2013-6242
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Embedding JavaScript code within an E-Mail gets executed when using the META tag at the mail body, for example using the "refresh" action to load a base64 encoded JS string as content.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). This affects users of the OX6 UI, AppSuite UI is not affected.

Solution:
Service providers should update to the latest available patch releases. Users should avoid accessing E-Mail from untrusted sources. Users may disable presentation of HTML E-Mail within the browser.



Internal reference: 29412 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)
Vulnerable version: 7.4.0 and earlier
Vulnerable component: backend
Fixed version: 7.2.2-rev26, 7.4.0-rev16
Report confidence: Confirmed
Solution status: Fixed by Vendor
Vendor notification: 2013-10-22
Solution date: 2013-10-30
Public disclosure: 2013-11-25
CVE reference: CVE-2013-6242
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Embedding JavaScript code within a URL parameter to access publications, triggering a reflected XSS vulnerability. The cause for this is an error response that contains the originally requested publication name, in this case a piece of JavaScript code.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.)

Solution:
Service providers should update to the latest available patch releases. Users should avoid opening E-Mail attachments and links from untrusted sources.
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC