Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6851: Cross-site Scripting in OX Guard

Severity
6.1 MEDIUM (NVD)
EPSS
1.4%
top 19.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Dec 15
Latest update: May 14

Description

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.) in case the user has an active session on the same do

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 | Impact: 2.7

Affected Packages: 1 package

🔴Vulnerability Details

3
GHSA
GHSA-494v-jqp4-m59h: An issue was discovered in Open-Xchange OX Guard before 2 (2022-05-14)
OSV
OpenJPEG vulnerabilities (2020-09-15)
CVEList
CVE-2016-6851: An issue was discovered in Open-Xchange OX Guard before 2 (2016-12-15)

💥Exploits & PoCs

1
Exploit-DB
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities (2016-09-13)