Open Xchange · Open-Xchange Appsuite · CVE-2016-5740
**Name of the Vulnerable Software and Affected Versions**
Open-Xchange OX App Suite versions prior to 7.8.2-rev5
**Description**
An issue allows JavaScript code to be executed within a user's context when it is included in ical attachments within scheduling emails. This code can be presented to the user in the E-Mail App, depending on the invitation workflow, and can lead to malicious script execution. This can result in session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data.
**Recommendations**
For Open-Xchange OX App Suite versions prior to 7.8.2-rev5, update to version 7.8.2-rev5 or later to resolve the issue. As a temporary workaround, consider restricting the handling of ical attachments within scheduling emails to minimize the risk of exploitation.