Test ID:	1.3.6.1.4.1.25623.1.0.806068
Category:	Web application abuses
Title:	Open-Xchange (OX) App Suite Multiple Vulnerabilities - 01 (Oct 2015)
Summary:	Open-Xchange (OX) App Suite is prone to multiple; vulnerabilities.
Description:	Summary: Open-Xchange (OX) App Suite is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Insufficient sanitization of user-supplied input via a folder publication name - Insufficient sanitization of user-supplied input via vectors related to unspecified fields in RSS feeds Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user, other attacks are also possible. Affected Software/OS: Open-Xchange (OX) App Suite versions before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16. Solution: Update to version 7.4.2-rev33, 7.6.0-rev16 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5234 BugTraq ID: 69796 http://www.securityfocus.com/bid/69796 Bugtraq: 20140915 Open-Xchange Security Advisory 2014-09-15 (Google Search) http://www.securityfocus.com/archive/1/533443/100/0/threaded http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html http://secunia.com/advisories/61080 Common Vulnerability Exposure (CVE) ID: CVE-2014-5235 BugTraq ID: 69792 http://www.securityfocus.com/bid/69792
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.