Arbitrary Script Injection in Open-Xchange (OX) AppSuite RSS Feeds

Arbitrary Script Injection in Open-Xchange (OX) AppSuite RSS Feeds

CVE-2014-5235 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.

Learn more about our Web App Pen Testing.