CVE-2016-5740

Name of the Vulnerable Software and Affected Versions Open-Xchange OX App Suite versions prior to 7.8.2-rev5

Description An issue allows JavaScript code to be executed within a user's context when it is included in ical attachments within scheduling emails. This code can be presented to the user in the E-Mail App, depending on the invitation workflow, and can lead to malicious script execution. This can result in session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data.

Recommendations For Open-Xchange OX App Suite versions prior to 7.8.2-rev5, update to version 7.8.2-rev5 or later to resolve the issue. As a temporary workaround, consider restricting the handling of ical attachments within scheduling emails to minimize the risk of exploitation.