PT-2016-5817 · Open Xchange · Open-Xchange Appsuite

Published: 2016-12-15 · Updated: 2018-10-19 · CVE-2016-4045

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Open-Xchange OX App Suite versions prior to 7.8.1-rev11

Description

An issue allows script code to be embedded in RSS feeds using a URL notation. If a user clicks the corresponding link in the App Suite RSS reader, the code is executed in the user's context. This can lead to malicious script code execution, potentially resulting in session hijacking or unwanted actions such as sending mail or deleting data. The attack requires the attacker to be within the same context as the user.

Recommendations

For Open-Xchange OX App Suite versions prior to 7.8.1-rev11, update to version 7.8.1-rev11 or later to resolve the issue. As a temporary workaround, consider restricting the use of RSS feeds in the App Suite until the update is applied.
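
The description does not spell out the "URL notation"; assuming it means script-capable URL schemes such as javascript: in feed item links, a feed reader can render only links whose parsed scheme is on an allowlist. This is an added example, not Open-Xchange's fix; the function names and sample items are hypothetical.

```javascript
// Added illustration: scheme allowlist for links taken from untrusted RSS items.
// Assumption: the "URL notation" in the advisory means script-capable schemes
// (e.g. javascript:). Names below are hypothetical, not OX App Suite code.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns a normalized absolute URL that passed the allowlist, or null.
function safeFeedLink(raw) {
  if (typeof raw !== "string") return null;
  let parsed;
  try {
    // The WHATWG parser trims leading/trailing control characters and spaces,
    // removes embedded tabs/newlines and lowercases the scheme, so the check
    // sees the same scheme a browser would act on.
    parsed = new URL(raw);
  } catch (err) {
    return null; // relative or malformed: feed links must be absolute
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Keeps every item's title but drops links that fail the allowlist.
function sanitizeFeedItems(items) {
  return items.map((item) => ({
    title: String(item.title),
    link: safeFeedLink(item.link),
  }));
}

// Constructed sample items (not taken from a real feed).
const sampleItems = [
  { title: "Release notes", link: "https://example.org/news/1" },
  { title: "Mixed case", link: " JaVaScRiPt:alert(1)" },
  { title: "Embedded tab", link: "java\tscript:alert(1)" },
  { title: "Data URL", link: "data:text/html,<b>x</b>" },
  { title: "Relative", link: "/news/2" },
];

for (const item of sanitizeFeedItems(sampleItems)) {
  console.log(item.title, "->", item.link === null ? "(link removed)" : item.link);
}
```

The returned link and the title still have to be HTML-escaped by the template that writes them into the page.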

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2016-4045

Affected Products

Open-Xchange Appsuite