Dejavuln

**Name of the Vulnerable Software and Affected Versions** Open-Xchange OX Guard versions prior to 2.4.2-rev5 **Description** An issue in Open-Xchange OX Guard allows script code to be provided as a parameter to the OX Guard guest reader web application, enabling cross-site scripting attacks against arbitrary users without prior authentication. This can lead to malicious script code execution within a user's context, potentially resulting in session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data, if the user has an active session on the same domain. **Recommendations** For Open-Xchange OX Guard versions prior to 2.4.2-rev5, update to version 2.4.2-rev5 or later to resolve the issue. As a temporary workaround, consider restricting access to the OX Guard guest reader web application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open-Xchange OX Guard versions prior to 2.4.2-rev5 **Description** An issue in Open-Xchange OX Guard allows script code injected into a mail with an inline PGP signature to be executed when the signature is verified. This can lead to malicious script code execution within a user's context, potentially resulting in session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data. **Recommendations** For versions prior to 2.4.2-rev5, update to version 2.4.2-rev5 or later to resolve the issue. As a temporary workaround, consider disabling the verification of inline PGP signatures until a patch is applied. Restrict access to sensitive features via the web interface to minimize the risk of exploitation.