CVE

Id
93667  
CVE No.
CVE-2016-6847  
Status
Candidate  
Description
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user"s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).  
Phase
Assigned (20160818)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
794280 93667 CVE-2016-6847 CONFIRM:https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf  View
794281 93667 CVE-2016-6847 BID:93457  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
4950 JVNDB-2016-005723 Samsung Mobile デバイスにおけるサービス運用妨害 (DoS) の脆弱性 Samsung Mobile デバイスは、SystemUI アクティビティへの外部アクセスが適切に制限されていないため、サービス運用妨害 (SystemUI のクラッシュおよびデバイスの再起動) 状態にされる脆弱性が存在します。 CVE-2016-7160 93667 7.8 7.5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-005723.html  View