CVE-2013-2583 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Open-xchange	Open-xchange Server Open-xchange Appsuite

Configuration 1 [-]

OR	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:::::::*
	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:::::::*
	cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:::::::*
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:::::::*
	cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:::::::*
	cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:14:59

Updated: 2022-10-03T16:14:59

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-2583

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-09-05T11:44:57.623

Modified: 2013-09-26T16:44:02.640

Link: CVE-2013-2583

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20130417 Open-Xchange Security Advisory 2013-04-17", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2583", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20130417 Open-Xchange Security Advisory 2013-04-17", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2583", "datePublished": "2022-10-03T16:14:59", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:*:*:*:*:*:*:*", "matchCriteriaId": "EE83E623-175D-4F81-B92E-C170FDD896EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "58989467-7850-4D91-86D4-524EBE325869", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "BED21777-8642-49AC-A99F-87ED9B21FE14", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F5500DAF-78C2-4E30-AB1C-EF623C43956B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en Open-Xchange AppSuite y Server anterior a v6.20.7 rev16, v6.22.0 anterior a rev15, v6.22.1 anterior a rev17, v7.0.1 anterior a rev6, y v7.0.2 anterior a rev7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) un javascript: URL, (2) elementos anidados SCRIPT que est\u00e1n malformados, (3) una firma de correo, o (4) c\u00f3digo JavaScript dentro de un archivo de imagen."}], "id": "CVE-2013-2583", "lastModified": "2013-09-26T16:44:02.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-09-05T11:44:57.623", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}