SecuritySpace - CVE-2016-4045

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2016-4045

Description: An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-4045
Bugtraq: 20160622 Open-Xchange Security Advisory 2016-06-22 (Google Search)
http://www.securityfocus.com/archive/1/538732/100/0/threaded
http://www.securitytracker.com/id/1036157

CVE ID:	CVE-2016-4045
Description:	An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4045 Bugtraq: 20160622 Open-Xchange Security Advisory 2016-06-22 (Google Search) http://www.securityfocus.com/archive/1/538732/100/0/threaded http://www.securitytracker.com/id/1036157