← Retour aux CVEs
CVE-2016-6844
N/ADescription
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Details CVE
Score CVSS v3.1N/A
Publie12/15/2016
Derniere modification4/12/2025
Sourcenvd
Observations honeypot0
Produits affectes
open-xchange:open-xchange_appsuite
Faiblesses (CWE)
CWE-79
References
http://www.securityfocus.com/bid/93457(cve@mitre.org)
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf(cve@mitre.org)
http://www.securityfocus.com/bid/93457(af854a3a-2127-422b-91ae-364da2661108)
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.