← back
CVE-2016-6854

CVE-2016-6854

EPSS 2.4%
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.htmlunverifiedcve_referencewww.exploit-db.com/exploits/40377/unverifiedexploitdbwww.exploit-db.com/exploits/40377unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.htmlhttps://www.exploit-db.com/exploits/40377/http://www.securityfocus.com/archive/1/539395/100/0/threadedhttp://www.securityfocus.com/bid/92920