1. Home
  2. CVE Database
  3. CVE-2016-5740
MEDIUM · 6.1

CVE-2016-5740

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's lo...

Vulnerability Description

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
Open-XchangeOpen-Xchange Appsuite<= 7.8.2

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2016-5740?

CVE-2016-5740 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's lo...

How severe is CVE-2016-5740?

CVE-2016-5740 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5740?

Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite.