CVE-2013-2583

{"id": "CVE-2013-2583", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-09-05T11:44:57.623", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en Open-Xchange AppSuite y Server anterior a v6.20.7 rev16, v6.22.0 anterior a rev15, v6.22.1 anterior a rev17, v7.0.1 anterior a rev6, y v7.0.2 anterior a rev7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) un javascript: URL, (2) elementos anidados SCRIPT que est\u00e1n malformados, (3) una firma de correo, o (4) c\u00f3digo JavaScript dentro de un archivo de imagen."}], "lastModified": "2013-09-26T16:44:02.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "983E5F3A-E7AD-4CCA-80D4-9C012AFCCDD4"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F85EE0C-B7A0-455A-96F6-E4E6BA5D7216"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D9572CB-9A46-492E-BDCC-E01849EF0EC0"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "138461CD-9C27-40E5-B7A0-A37737B6E942"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "108BCEFD-3098-4919-9B0C-E80F6FA1C102"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE83E623-175D-4F81-B92E-C170FDD896EC"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58989467-7850-4D91-86D4-524EBE325869"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BED21777-8642-49AC-A99F-87ED9B21FE14"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FBAE267-EAB9-403A-8E1D-7C8EE68F0A36"}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_server:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5500DAF-78C2-4E30-AB1C-EF623C43956B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}