fkie_cve-2016-6846
Vulnerability from fkie_nvd
Published
2017-03-29 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| open-xchange | documentconverter-api | 7.8.2 | |
| open-xchange | office_web | 7.6.2 | |
| open-xchange | office_web | 7.8.0 | |
| open-xchange | office_web | 7.8.2 | |
| open-xchange | open-xchange_appsuite_backend | 7.6.2 | |
| open-xchange | open-xchange_appsuite_backend | 7.8.0 | |
| open-xchange | open-xchange_appsuite_backend | 7.8.2 | |
| open-xchange | open-xchange_appsuite_frontend | 7.6.2 | |
| open-xchange | open-xchange_appsuite_frontend | 7.8.0 | |
| open-xchange | open-xchange_appsuite_frontend | 7.8.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open-xchange:documentconverter-api:7.8.2:rev4:*:*:*:*:*:*",
"matchCriteriaId": "84AD8594-8E1B-4F60-921B-C53A924EF7D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open-xchange:office_web:7.6.2:rev15:*:*:*:*:*:*",
"matchCriteriaId": "1041CD76-9C55-42A4-81B9-9149897E2FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open-xchange:office_web:7.8.0:rev9:*:*:*:*:*:*",
"matchCriteriaId": "A8527183-07B0-4C15-98FD-5478C37B40D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open-xchange:office_web:7.8.2:rev4:*:*:*:*:*:*",
"matchCriteriaId": "95A418D2-8171-4E73-8AE7-C7DC552CFC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:7.6.2:rev58:*:*:*:*:*:*",
"matchCriteriaId": "DBA3F9E8-DF1B-462C-8FA2-2BBAD3F61274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:7.8.0:rev37:*:*:*:*:*:*",
"matchCriteriaId": "90367339-5580-440F-8718-1CF142EC2412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:7.8.2:rev7:*:*:*:*:*:*",
"matchCriteriaId": "619D4F63-FB6F-474F-A78A-F2B5A5556878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.6.2:rev46:*:*:*:*:*:*",
"matchCriteriaId": "3FC76B02-B27F-4FC4-BCB0-77ACBBBCA69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.8.0:rev29:*:*:*:*:*:*",
"matchCriteriaId": "6E81CCF3-6D5F-46CF-BB68-0E878B7BDFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.8.2:rev7:*:*:*:*:*:*",
"matchCriteriaId": "80CCB01F-D7CC-4C4E-BC65-8A5BFB5DE06A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en Open-Xchange (OX) AppSuite backend en versiones anteriores a 7.6.2-rev59, 7.8.0 en versiones anteriores a 7.8.0-rev38, 7.8.2 en versiones anteriores a 7.8.2-rev8; interfaz AppSuite en versiones anteriores a 7.6.2-rev47, 7.8.0 en versiones anteriores a 7.8.0-rev30 y 7.8.2 en versiones anteriores a 7.8.2-rev8; Office Web en versiones anteriores a 7.6.2-rev16, 7.8.0 en versiones anteriores a 7.8.0-rev10 y 7.8.2 en versiones anteriores a 7.8.2-rev5; y Documentconverter-API en versiones anteriores a 7.8.2-rev5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios."
}
],
"id": "CVE-2016-6846",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-29T14:59:00.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_3520_7.8.0_2016-08-29.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93457"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3518_7.6.2_2016-08-29.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_3520_7.8.0_2016-08-29.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3518_7.6.2_2016-08-29.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…