← Back

CVE-2018-5754

nvd nist
Published: Jun 16, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.

Affected (14)

Open Xchange
1 product
Open Xchange Appsuite
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Open Xchange
Open Xchange Appsuite
Up to 7.8.3
Open Xchange Appsuite
Version 7.8.3 rev10
Open Xchange Appsuite
Version 7.8.3 rev11
Open Xchange Appsuite
Version 7.8.3 rev5
Open Xchange Appsuite
Version 7.8.3 rev6
Open Xchange Appsuite
Version 7.8.3 rev8
Open Xchange Appsuite
Version 7.8.3 rev9
Open Xchange Appsuite
Version 7.8.4
Open Xchange Appsuite
Version 7.8.4 rev3
Open Xchange Appsuite
Version 7.8.4 rev4
Open Xchange Appsuite
Version 7.8.4 rev5
Open Xchange Appsuite
Version 7.8.4 rev6
Open Xchange Appsuite
Version 7.8.4 rev7
Open Xchange Appsuite
Version 7.8.4 rev8

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.