PT-2016-5820 · Open Xchange · Open-Xchange Appsuite

Published: 2016-12-15 · Updated: 2018-10-19 · CVE-2016-4048

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Open-Xchange OX App Suite versions prior to 7.8.1-rev11

Description

An issue in the login screen notification mechanism for external users allows the injection of arbitrary text messages. This can be exploited for social engineering attacks, where users may be tricked into following instructions injected by third parties.

Recommendations

For versions prior to 7.8.1-rev11, update to version 7.8.1-rev11 or later to resolve the issue. As a temporary workaround, consider restricting the ability to inject custom messages at the login screen to minimize the risk of exploitation.

Fix

Related identifiers

CVE-2016-4048

Affected products

Open-Xchange Appsuite