{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T17:53:59.561","vulnerabilities":[{"cve":{"id":"CVE-2014-2393","sourceIdentifier":"cve@mitre.org","published":"2014-04-24T05:06:05.670","lastModified":"2026-05-06T22:30:45.220","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment."},{"lang":"es","value":"Vulnerabilidad de XSS en Open-Xchange AppSuite 7.4.1 anterior a 7.4.1-rev11 y 7.4.2 anterior a 7.4.2-rev13 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un nombre de archivo Drive que no está manejado debidamente durante el uso del compositor para añadir un adjunto de email."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.2","matchCriteriaId":"4051DD61-3387-4CFB-9243-FCB602813F10"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"DDBB02DF-1022-4FE5-B5E1-198DC58F8C1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*","matchCriteriaId":"2BF31219-8390-4676-A9C4-D625A016C71E"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"0ABF6E32-2996-4DCF-A4A2-197CCFAEE22C"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*","matchCriteriaId":"0A708019-6229-4768-994C-5A51B0495CAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/531762","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/531762","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}