CVE-2016-4026

Name of the Vulnerable Software and Affected Versions Open-Xchange OX App Suite versions prior to 7.8.1-rev11

Description An issue in the content sanitizer component allows malicious script code to be executed within a user's context when invalid HTML code is provided. This can lead to session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data. The issue can be used for filter evasion to inject script code.

Recommendations For versions prior to 7.8.1-rev11, update to version 7.8.1-rev11 or later to resolve the issue. As a temporary workaround, consider restricting the input of invalid HTML code to minimize the risk of exploitation.