Vulnerability CVE-2016-4026


Published: 2016-12-15

Description:
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Open-Xchange App Suite 7.8.1 Information Disclosure
Martin Heiland
23.06.2016

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Open-xchange -> Open-xchange appsuite 

 References:
http://www.securityfocus.com/archive/1/538732/100/0/threaded
http://www.securitytracker.com/id/1036157

Copyright 2024, cxsecurity.com

 

Back to Top