CVE-2018-9997
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
05/07/2018
Last modified:
16/08/2019
Description
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:* | 7.6.3 (including) | |
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:* | ||
| cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page