SecuritySpace - CVE-2016-6842

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2016-6842

Description: An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-6842
BugTraq ID: 93457
http://www.securityfocus.com/bid/93457

CVE ID:	CVE-2016-6842
Description:	An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6842 BugTraq ID: 93457 http://www.securityfocus.com/bid/93457