PT-2016-7137 · Open Xchange · Open-Xchange Appsuite

Published

2016-12-15

Updated

2016-12-16

CVE-2016-6844

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Open-Xchange OX App Suite versions prior to 7.8.2-rev8

Description An issue in Open-Xchange OX App Suite allows script code within SVG files to be maintained when opening such files in browser, based on the Mail or Drive app. This can lead to the execution of malicious script code within a user's context, potentially resulting in session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data.

Recommendations For versions prior to 7.8.2-rev8, update to version 7.8.2-rev8 or later to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2016-6844

Affected Products

Open-Xchange Appsuite

PT-2016-7137 · Open Xchange · Open-Xchange Appsuite

CVE-2016-6844

Weakness Enumeration

Related Identifiers

Affected Products

References · 4