QwikSec

Security Database

CVE

CWE

Training

CVE-2018-9997

Published: Jul 5, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

20180702 Open-Xchange Security Advisory 2018-07-02

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/154127/Open-Xchange-OX-Guard-Cross-Site-Scripting-Signature-Validation.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.