Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.
Software | From | Fixed in |
---|---|---|
open-xchange / open-xchange_appsuite | 6.22.3 | 6.22.3.x |
open-xchange / open-xchange_appsuite | 6.22.4 | 6.22.4.x |
open-xchange / open-xchange_appsuite | 7.2.2 | 7.2.2.x |
open-xchange / open-xchange_appsuite | 7.4.0 | 7.4.0.x |