Vulnerability CVE-2016-4026


Published: 2016-12-15

Description:
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Open-Xchange App Suite 7.8.1 Information Disclosure
Martin Heiland
23.06.2016

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Open-xchange
Product: Open-xchange appsuite 
Version: 7.8.1;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.securityfocus.com/archive/1/538732/100/0/threaded
http://www.securitytracker.com/id/1036157

Related CVE
CVE-2017-13667
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
CVE-2017-13668
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
CVE-2017-5213
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
CVE-2017-5212
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.
CVE-2017-5211
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
CVE-2017-5210
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.
CVE-2017-17061
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
CVE-2017-17060
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.

Copyright 2019, cxsecurity.com

 

Back to Top