CVE-2016-6842

Name of the Vulnerable Software and Affected Versions Open-Xchange OX App Suite versions prior to 7.8.2-rev8

Description An issue allows malicious script code to be executed within a user's context when a shared "Templates" folder is accessed from OX Documents settings. This occurs if the user's name is set to JS code. The execution of this code can lead to session hijacking or trigger unwanted actions via the web interface, such as sending mail or deleting data.

Recommendations For versions prior to 7.8.2-rev8, update to version 7.8.2-rev8 or later to resolve the issue. As a temporary workaround, consider restricting access to shared folders or avoiding the use of JS code in user names until the update is applied.