PT-2016-7145 · Open Xchange · Open-Xchange Ox Guard

Benjamin Daniel Mussler +1 · Published 2016-12-15 · Updated 2018-10-19 · CVE-2016-6854

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Open-Xchange OX Guard versions prior to 2.4.2-rev5

Description

An issue in Open-Xchange OX Guard allows script code injected into a mail with an inline PGP signature to be executed when the signature is verified. This can lead to malicious script code execution within a user's context, potentially resulting in session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data.

Recommendations

For versions prior to 2.4.2-rev5, update to version 2.4.2-rev5 or later to resolve the issue. As a temporary workaround, consider disabling the verification of inline PGP signatures until a patch is applied. Restrict access to sensitive features via the web interface to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2016-6854

Affected products

Open-Xchange Ox Guard