SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Open-Xchange Vendors:   Open-Xchange Inc.
Open-Xchange Web Mail Input Validation Hole Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1015431
SecurityTracker URL:  http://securitytracker.com/id/1015431
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 3 2006
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Version(s): 0.8.1-6 and prior versions
Description:   A vulnerability was reported in Open-Xchange. A remote user can conduct cross-site scripting attacks.

The WebMail feature does not properly filter HTML code from e-mail messages before displaying the message in HTML format. A remote user can send a specially crafted e-mail message that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Open-Xchange software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Thomas Pollet reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Open-Xchange software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.

The report indicates that, as a workaround, you can disable "Inline HTML" in the WebMail options setting.

Vendor URL:  mirror.open-xchange.org/ox/EN/community/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] Open Xchange XSS

--===============0031464283==
Content-Type: multipart/alternative; 
	boundary="----=_Part_18763_11554617.1136290882452"

------=_Part_18763_11554617.1136290882452
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Open Xchange webmail (<=3D0.8.1-6) suffers from xss.
http://mirror.open-xchange.org/ox/EN/community/

Vendor response:
For the commercial OX you don't need this as there exists additional
security
options where you will not able to use this session. It's a general problem
for
all web based mailers and some of them try to filter such scripts, some of
them
do not and show a warning instead that the document may contains "dangerous
content". But you will never be able to filter all possible scriptings.
Displaying HTML content is ALWAYS an unsecure option, so it is recommended
to
disable "Inline HTML" at the WebMail options. Anyway, I will check if I can
make
some basic filter to get most of such tags.

Cheers,
 Thomas

------=_Part_18763_11554617.1136290882452
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Open Xchange webmail (&lt;=3D0.8.1-6)<font style=3D"font-size: 14pt;"> </fo=
nt>suffers from xss.<br>

<a href=3D"http://mirror.open-xchange.org/ox/EN/community/" target=3D"_blan=
k" onclick=3D"return top.js.OpenExtLink(window,event,this)">http://mirror.o=
pen-xchange.org/ox/EN/community/</a><br>

<br>

Vendor response:<br>

For the commercial OX you don't need this as there exists additional securi=
ty<br>

options where you will not able to use this session. It's a general problem=
 for<br>

all web based mailers and some of them try to filter such scripts, some of =
them<br>

do not and show a warning instead that the document may contains &quot;dang=
erous<br>

content&quot;. But you will never be able to filter all possible scriptings=
.<br>

Displaying HTML content is ALWAYS an unsecure option, so it is recommended =
to<br>

disable &quot;Inline HTML&quot; at the WebMail options. Anyway, I will chec=
k if I can make<br>

some basic filter to get most of such tags.<br>

<br>

Cheers,<br>
<span class=3D"sg">
Thomas<br>
</span>

------=_Part_18763_11554617.1136290882452--

--===============0031464283==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===============0031464283==--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC