CVE-2015-7385

Name of the Vulnerable Software and Affected Versions Open-Xchange OX Guard versions prior to 2.0.0-rev11

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key. This occurs because the input is not properly handled in "Guard PGP Settings."

Recommendations For versions prior to 2.0.0-rev11, update to version 2.0.0-rev11 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Guard PGP Settings" to minimize the risk of exploitation. Avoid using the uid field in PGP public keys until the issue is resolved.