Dear subscribers,
we're sharing our latest advisory with you and would like to thank everyone who
contributed to finding and solving those vulnerabilities. Feel free to join our
bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange
Dear subscribers,
we're sharing our latest advisory with you and would like to thank everyone who
contributed to finding and solving those vulnerabilities. Feel free to join our
bug bounty programs for OX App Suite, Dovecot and PowerDNS at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange
Dear subscribers,
we're sharing our latest advisory with you and would like to thank everyone who
contributed to finding and solving those vulnerabilities. Feel free to join our
bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH
Dear subscribers,
we're sharing our latest advisory with you and would like to thank everyone who
contributed to finding and solving those vulnerabilities. Feel free to join our
bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH
-Xchange GmbH
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: 67097 (Bug ID)
Vulnerability type: Cross-site scripting (CWE-80)
Vulnerable version: 7.10.2 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.10.2
Dear subscribers,
we're sharing our latest advisory with you and would like to thank everyone who
contributed to finding and solving those vulnerabilities. Feel free to join our
bug bounty programs (appsuite, dovecot, powerdns) at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH
Dear subscribers,
we're sharing our latest advisory with you and would like to thank everyone who
contributed to finding and solving those vulnerabilities. Feel free to join our
bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH
ontent-type, set a specific
"name"
2. Upload, embed and make someone open this file with Firefox
Proof of concept:
Content-Type: garbageЯ/garbage; name=html-xml-svg
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=html-xml-svg
Solution:
We now detect and deny
-Xchange GmbH
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: 55872 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.8.4 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.3