15 Déc 2016
CVE-2016-6845 - CVE Vulnerability
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). (CVSS:0.0) (Last Update:2016-12-15)
Vulnerability Details : An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Publish Date : 2016-12-15 Last Update Date : 2016-12-15 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2016-6845
- References For CVE-2016-6845
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2016-6845There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |