CVE-2016-6845

Name of the Vulnerable Software and Affected Versions Open-Xchange OX App Suite versions prior to 7.8.2-rev8

Description An issue in Open-Xchange OX App Suite allows script code within hyperlinks at HTML emails to be executed when using base64 encoded data resources, due to incorrect sanitization. This enables an attacker to provide hyperlinks that execute script code instead of directing to a proper location, potentially leading to session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data.

Recommendations For versions prior to 7.8.2-rev8, update to version 7.8.2-rev8 or later to resolve the issue.