CVE-2016-6846

Name of the Vulnerable Software and Affected Versions Open-Xchange (OX) AppSuite backend versions prior to 7.6.2-rev59 Open-Xchange (OX) AppSuite backend versions prior to 7.8.0-rev38 Open-Xchange (OX) AppSuite backend versions prior to 7.8.2-rev8 Open-Xchange (OX) AppSuite frontend versions prior to 7.6.2-rev47 Open-Xchange (OX) AppSuite frontend versions prior to 7.8.0-rev30 Open-Xchange (OX) AppSuite frontend versions prior to 7.8.2-rev8 Open-Xchange (OX) Office Web versions prior to 7.6.2-rev16 Open-Xchange (OX) Office Web versions prior to 7.8.0-rev10 Open-Xchange (OX) Office Web versions prior to 7.8.2-rev5 Open-Xchange (OX) Documentconverter-API versions prior to 7.8.2-rev5

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML.

Recommendations For Open-Xchange (OX) AppSuite backend versions prior to 7.6.2-rev59, update to version 7.6.2-rev59 or later. For Open-Xchange (OX) AppSuite backend versions prior to 7.8.0-rev38, update to version 7.8.0-rev38 or later. For Open-Xchange (OX) AppSuite backend versions prior to 7.8.2-rev8, update to version 7.8.2-rev8 or later. For Open-Xchange (OX) AppSuite frontend versions prior to 7.6.2-rev47, update to version 7.6.2-rev47 or later. For Open-Xchange (OX) AppSuite frontend versions prior to 7.8.0-rev30, update to version 7.8.0-rev30 or later. For Open-Xchange (OX) AppSuite frontend versions prior to 7.8.2-rev8, update to version 7.8.2-rev8 or later. For Open-Xchange (OX) Office Web versions prior to 7.6.2-rev16, update to version 7.6.2-rev16 or later. For Open-Xchange (OX) Office Web versions prior to 7.8.0-rev10, update to version 7.8.0-rev10 or later. For Open-Xchange (OX) Office Web versions prior to 7.8.2-rev5, update to version 7.8.2-rev5 or later. For Open-Xchange (OX) Documentconverter-API versions prior to 7.8.2-rev5, update to version 7.8.2-rev5 or later.