CVE-2016-6842
Last modified
CVE-2016-6842 is a vulnerability of currently unknown severity. An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. EPSS estimates a 0.71% chance of exploitation in the next 30 days.
Description
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Open-Xchange | Open-Xchange Appsuite | <= 7.8.2 | Rev4 |
References
- http://www.securityfocus.com/bid/93457Third Party Advisory, VDB Entry
- https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdfRelease Notes, Vendor Advisory
- http://www.securityfocus.com/bid/93457Third Party Advisory, VDB Entry
- https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdfRelease Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-6842?
How severe is CVE-2016-6842?
How do I fix CVE-2016-6842?
Are you affected by CVE-2016-6842?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST