CVE-2016-6851

Name of the Vulnerable Software and Affected Versions Open-Xchange OX Guard versions prior to 2.4.2-rev5

Description An issue in Open-Xchange OX Guard allows script code to be provided as a parameter to the OX Guard guest reader web application, enabling cross-site scripting attacks against arbitrary users without prior authentication. This can lead to malicious script code execution within a user's context, potentially resulting in session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data, if the user has an active session on the same domain.

Recommendations For Open-Xchange OX Guard versions prior to 2.4.2-rev5, update to version 2.4.2-rev5 or later to resolve the issue. As a temporary workaround, consider restricting access to the OX Guard guest reader web application to minimize the risk of exploitation.