Test ID:	1.3.6.1.4.1.25623.1.0.806076
Category:	Web application abuses
Title:	Open-Xchange (OX) App Suite SVG File Cross Site Scripting Vulnerability
Summary:	Open-Xchange (OX) App Suite is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: Open-Xchange (OX) App Suite is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to an insufficient sanitization of user supplied input via the header in an attached SVG file. Vulnerability Impact: Successful exploitation will allow attackers to inject arbitrary web script or HTML leading to session hijacking or triggering unwanted actions via the web interface. Affected Software/OS: Open-Xchange (OX) App Suite versions before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 Solution: Update to version 7.2.2-rev31 or 7.4.0-rev27 or 7.4.1-rev17 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1679 Bugtraq: 20140210 Open-Xchange Security Advisory 2014-02-10 (Google Search) http://www.securityfocus.com/archive/1/531005 https://forum.open-xchange.com/showthread.php?8259-Open-Xchange-releases-Security-Patch-2014-01-29-for-v7-2-2-v7-4-0-and-v7-4-1 http://secunia.com/advisories/56828 XForce ISS Database: openxchange-cve20141679-xss(91059) https://exchange.xforce.ibmcloud.com/vulnerabilities/91059
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.