CVE

Id
93674  
CVE No.
CVE-2016-6854  
Status
Candidate  
Description
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user"s context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).  
Phase
Assigned (20160818)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
794298 93674 CVE-2016-6854 EXPLOIT-DB:40377  View
794299 93674 CVE-2016-6854 URL:https://www.exploit-db.com/exploits/40377/  View
794300 93674 CVE-2016-6854 CONFIRM:http://packetstormsecurity.com/files/138701/Open-Xchange-Guard-2.4.2-Cross-Site-Scripting.html  View
794301 93674 CVE-2016-6854 CONFIRM:http://www.securityfocus.com/archive/1/archive/1/539395/100/0/threaded  View
794302 93674 CVE-2016-6854 BID:92920  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
4406 JVNDB-2016-005179 libcurl の複数の関数における整数オーバーフローの脆弱性 libcurl の (1) curl_escape、(2) curl_easy_escape、(3) curl_unescape、および (4) curl_easy_unescape 関数には、整数オーバーフローの脆弱性が存在します。 CVE-2016-7167 93674 7.5 9.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-005179.html  View