Vulnerability Description
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange | Open-Xchange Appsuite | <= 7.8.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/538732/100/0/threaded
- http://www.securitytracker.com/id/1036157Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/538732/100/0/threaded
- http://www.securitytracker.com/id/1036157Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-4026?
CVE-2016-4026 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such ca...
How severe is CVE-2016-4026?
CVE-2016-4026 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4026?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite.