N/A

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). Attackers can use this issue for filter evasion to inject script code later on.

N/A

N/A

Open-Xchange OX App Suite 跨站脚本漏洞

Open-Xchange OX App Suite是美国Open-Xchange公司的一套Web云桌面环境。该环境允许用户更直观的管理电子邮件、任务和文件等。 Open-Xchange OX App Suite 7.8.1-rev11之前的版本中存在安全漏洞。攻击者可借助Web界面利用该漏洞在用户上下文中执行恶意脚本代码，劫持会话并执行未授权的操作。

N/A

N/A