CVE

Id
93673  
CVE No.
CVE-2016-6853  
Status
Candidate  
Description
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user"s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).  
Phase
Assigned (20160818)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
794293 93673 CVE-2016-6853 EXPLOIT-DB:40377  View
794294 93673 CVE-2016-6853 URL:https://www.exploit-db.com/exploits/40377/  View
794295 93673 CVE-2016-6853 CONFIRM:http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html  View
794296 93673 CVE-2016-6853 CONFIRM:http://www.securityfocus.com/archive/1/archive/1/539395/100/0/threaded  View
794297 93673 CVE-2016-6853 BID:92920  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
4080 JVNDB-2016-004853 libarchive におけるサービス運用妨害 (DoS) の脆弱性 libarchive は、再帰的な解凍数を制限しないため、サービス運用妨害 (メモリ消費およびアプリケーションクラッシュ) 状態にされる脆弱性が存在します。 CVE-2016-7166 93673 4.3 5.5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004853.html  View